
Windows Analysis Report
3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Overview

General Information

Sample name: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
renamed because original name is a hash value
Original sample name: 3_.pdf.exe
Analysis ID: 1385428
MD5: 075d6c122274cb9226521d3cd298f2f2
SHA1: 6f54d70f39fa28596ef90bfcb0c14278b016db1b
SHA256: 92192af947017c20ad861faf4459fb705e63f7083b34c77c1727891b88091573
Tags: exe, RemoteUtilities, rurat
Infos:

Detection

RMSRemoteAdmin, Remote Utilities
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected Remote Utilities RAT
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Connects to many ports of the same IP (likely port scanning)
Initial sample is a PE file and has a suspicious name
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses an obfuscated file name to hide its real file extension (double extension)
AV process strings found (often used to terminate AV products)
Checks for available system drives (often done to infect USB drives)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Extensive use of GetProcAddress (often used to hide API calls)
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the installation date of Windows
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Stores large binary data to the registry
Tries to load missing DLLs
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected RMS RemoteAdmin tool
Yara signature match

Classification

  • System is w10x64
  • msiexec.exe (PID: 7448 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7528 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 494BECA00E3009394CA5F2713F238EA9 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • rfusclient.exe (PID: 7600 cmdline: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\user\AppData\Local\Temp\Exel.msi MD5: 6AAE165F3B1575DB887A0370CFC80083)
    • rutserv.exe (PID: 7640 cmdline: "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /silentinstall MD5: 652C2A693B333504A3879460D0AF7224)
    • rutserv.exe (PID: 7676 cmdline: "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /firewall MD5: 652C2A693B333504A3879460D0AF7224)
    • rutserv.exe (PID: 7772 cmdline: "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /start MD5: 652C2A693B333504A3879460D0AF7224)
  • rutserv.exe (PID: 7876 cmdline: "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -service MD5: 652C2A693B333504A3879460D0AF7224)
    • rutserv.exe (PID: 8008 cmdline: "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -firewall MD5: 652C2A693B333504A3879460D0AF7224)
    • rfusclient.exe (PID: 8048 cmdline: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe MD5: 6AAE165F3B1575DB887A0370CFC80083)
      • rfusclient.exe (PID: 5016 cmdline: "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray MD5: 6AAE165F3B1575DB887A0370CFC80083)
    • rfusclient.exe (PID: 8068 cmdline: "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray MD5: 6AAE165F3B1575DB887A0370CFC80083)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe | JoeSecurity_RMSRemoteAdmin | Yara detected RMS RemoteAdmin tool | Joe Security |
C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe | MALWARE_Win_RemoteUtilitiesRAT | RemoteUtilitiesRAT RAT payload | ditekSHen |
  • 0x39d3a4:$s1: rman_message
  • 0x405be0:$s3: rms_host_
  • 0x40657c:$s3: rms_host_
  • 0x7a410c:$s4: rman_av_capture_settings
  • 0x3a76cc:$s7: _rms_log.txt
  • 0x45d27c:$s8: rms_internet_id_settings
C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe | JoeSecurity_RMSRemoteAdmin | Yara detected RMS RemoteAdmin tool | Joe Security |
C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe | MALWARE_Win_RemoteUtilitiesRAT | RemoteUtilitiesRAT RAT payload | ditekSHen |
  • 0x3a02f0:$s1: rman_message
  • 0x431f3c:$s3: rms_host_
  • 0x4328e0:$s3: rms_host_
  • 0x7d1f30:$s4: rman_av_capture_settings
  • 0x83a260:$s5: rman_registry_key
  • 0x83a2ac:$s5: rman_registry_key
  • 0x4e5a1c:$s6: rms_system_information
  • 0x2e6274:$s7: _rms_log.txt
  • 0x4a5efc:$s8: rms_internet_id_settings

Source | Rule | Description | Author | Strings
00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_RMSRemoteAdmin | Yara detected RMS RemoteAdmin tool | Joe Security |
00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RMSRemoteAdmin | Yara detected RMS RemoteAdmin tool | Joe Security |
00000005.00000000.1747218595.0000000001739000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_RMSRemoteAdmin | Yara detected RMS RemoteAdmin tool | Joe Security |
00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmp | JoeSecurity_RMSRemoteAdmin | Yara detected RMS RemoteAdmin tool | Joe Security |
Process Memory Space: rfusclient.exe PID: 7600 | JoeSecurity_RMSRemoteAdmin | Yara detected RMS RemoteAdmin tool | Joe Security |

Source | Rule | Description | Author | Strings
4.0.rfusclient.exe.650000.0.unpack | JoeSecurity_RMSRemoteAdmin | Yara detected RMS RemoteAdmin tool | Joe Security |
4.0.rfusclient.exe.650000.0.unpack | MALWARE_Win_RemoteUtilitiesRAT | RemoteUtilitiesRAT RAT payload | ditekSHen |
  • 0x39d3a4:$s1: rman_message
  • 0x405be0:$s3: rms_host_
  • 0x40657c:$s3: rms_host_
  • 0x7a410c:$s4: rman_av_capture_settings
  • 0x3a76cc:$s7: _rms_log.txt
  • 0x45d27c:$s8: rms_internet_id_settings

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, CommandLine: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, NewProcessName: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, OriginalFileName: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, ProcessId: 7316, ProcessName: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
Source: Network Connection, Author: frack113: Data: DestinationIp: 101.99.94.54, DestinationIsIpv6: false, DestinationPort: 465, EventID: 3, Image: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Initiated: true, ProcessId: 7876, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49736
No Snort rule has matched

AV Detection

Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, Virustotal: Detection: 28%
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11022230 CAST_ecb_encrypt,CAST_encrypt,CAST_decrypt,5_2_11022230
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11082230 ASN1_item_verify,ERR_put_error,ERR_put_error,EVP_MD_CTX_init,OBJ_obj2nid,OBJ_find_sigid_algs,ERR_put_error,ERR_put_error,OBJ_nid2sn,EVP_get_digestbyname,ERR_put_error,EVP_PKEY_type,ERR_put_error,EVP_DigestVerifyInit,ASN1_item_i2d,ERR_put_error,EVP_DigestUpdate,OPENSSL_cleanse,CRYPTO_free,EVP_DigestVerifyFinal,ERR_put_error,EVP_MD_CTX_cleanup,5_2_11082230
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110C2240 CRYPTO_lock,CRYPTO_lock,ERR_put_error,5_2_110C2240
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11002250 CRYPTO_get_mem_functions,5_2_11002250
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1101E250 RC2_ofb64_encrypt,RC2_encrypt,5_2_1101E250
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11027250 private_AES_set_encrypt_key,5_2_11027250
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11045250 RSA_sign_ASN1_OCTET_STRING,i2d_ASN1_OCTET_STRING,RSA_size,ERR_put_error,CRYPTO_malloc,ERR_put_error,i2d_ASN1_OCTET_STRING,RSA_private_encrypt,OPENSSL_cleanse,CRYPTO_free,5_2_11045250
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1104E250 DSO_free,ERR_put_error,CRYPTO_add_lock,ERR_put_error,ERR_put_error,sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,5_2_1104E250
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110C9250 UI_free,sk_pop_free,CRYPTO_free_ex_data,CRYPTO_free,5_2_110C9250
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11027260 private_AES_set_decrypt_key,5_2_11027260
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1108D260 a2i_ASN1_INTEGER,BIO_gets,CRYPTO_malloc,CRYPTO_realloc_clean,BIO_gets,ERR_put_error,CRYPTO_free,5_2_1108D260
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11053270 EC_POINT_dup,EC_POINT_new,EC_POINT_copy,CRYPTO_free,5_2_11053270
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106E270 ERR_put_error,ERR_get_state,CRYPTO_free,5_2_1106E270
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1108C280 i2s_ASN1_INTEGER,BIO_puts,CRYPTO_free,5_2_1108C280
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110C9280 ERR_put_error,ERR_put_error,CRYPTO_malloc,5_2_110C9280
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1107E290 i2d_ASN1_OBJECT,ASN1_object_size,CRYPTO_malloc,ERR_put_error,ASN1_put_object,5_2_1107E290
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110232A0 AES_ecb_encrypt,AES_encrypt,AES_decrypt,5_2_110232A0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110712A0 OBJ_add_sigid,sk_new,sk_new,CRYPTO_malloc,sk_push,CRYPTO_free,sk_push,sk_sort,sk_sort,5_2_110712A0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110022B0 CRYPTO_get_mem_ex_functions,5_2_110022B0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110862B0 X509_INFO_new,CRYPTO_malloc,ERR_put_error,5_2_110862B0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110592C0 BN_new,BN_new,pqueue_peek,X509_TRUST_get_flags,EC_GROUP_get_curve_GFp,ERR_put_error,EC_GROUP_get_curve_GF2m,BN_num_bits,BN_num_bits,CRYPTO_malloc,BN_bn2bin,ERR_put_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,ASN1_STRING_set,ASN1_STRING_set,ASN1_BIT_STRING_new,CRYPTO_malloc,BN_bn2bin,ASN1_OCTET_STRING_set,ASN1_BIT_STRING_free,ERR_put_error,5_2_110592C0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110232D0 AES_cfb128_encrypt,AES_encrypt,CRYPTO_cfb128_encrypt,5_2_110232D0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110302D0 CRYPTO_cts128_decrypt,5_2_110302D0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110372D0 bn_dup_expand,BN_new,CRYPTO_free,BN_new,BN_copy,BN_free,5_2_110372D0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110C22D0 ENGINE_init,ERR_put_error,CRYPTO_lock,CRYPTO_lock,5_2_110C22D0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110032E0 __localtime64,BIO_snprintf,BIO_snprintf,X509_TRUST_get_flags,BIO_snprintf,BIO_snprintf,BIO_puts,CRYPTO_THREADID_cpy,_memset,X509_TRUST_get_flags,BIO_snprintf,BUF_strlcpy,BIO_snprintf,BIO_puts,CRYPTO_THREADID_cmp,5_2_110032E0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110502E0 DH_up_ref,CRYPTO_add_lock,5_2_110502E0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110722E0 EVP_DecryptUpdate,ERR_put_error,OpenSSLDie,5_2_110722E0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1107D2F0 EVP_PKEY_decrypt_init,ERR_put_error,5_2_1107D2F0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11094500 _strrchr,OBJ_create,CRYPTO_malloc,OBJ_nid2obj,5_2_11094500
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11004510 ERR_load_CRYPTO_strings,ERR_func_error_string,ERR_load_strings,ERR_load_strings,5_2_11004510
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11002510 CRYPTO_strdup,CRYPTO_malloc,5_2_11002510
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11030510 CRYPTO_cfb128_encrypt,5_2_11030510
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1105A520 i2d_ECPrivateKey,ASN1_item_new,ERR_put_error,BN_num_bits,EC_GROUP_get_degree,ERR_put_error,CRYPTO_malloc,BN_bn2bin,_memset,ASN1_STRING_set,ERR_put_error,CRYPTO_free,ASN1_item_free,ASN1_STRING_type_new,EC_POINT_point2oct,CRYPTO_realloc,EC_POINT_point2oct,ASN1_STRING_set,ERR_put_error,5_2_1105A520
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11061520 CRYPTO_malloc,ERR_put_error,ECDSA_OpenSSL,ENGINE_get_default_ECDSA,EVP_PKEY_CTX_get_app_data,ERR_put_error,ENGINE_finish,CRYPTO_free,CRYPTO_new_ex_data,5_2_11061520
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11092530 ASN1_STRING_set,CRYPTO_malloc,CRYPTO_realloc,ERR_put_error,5_2_11092530
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11003540 CRYPTO_mem_leaks,CRYPTO_lock,CRYPTO_THREADID_current,CRYPTO_THREADID_cmp,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_THREADID_cpy,CRYPTO_lock,lh_doall_arg,BIO_printf,CRYPTO_lock,lh_free,lh_num_items,lh_free,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,5_2_11003540
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11091540 CONF_parse_list,i2d_ASN1_TYPE,ASN1_TYPE_free,ASN1_get_object,ASN1_object_size,ASN1_object_size,CRYPTO_malloc,ASN1_put_object,ASN1_put_object,d2i_ASN1_TYPE,CRYPTO_free,CRYPTO_free,5_2_11091540
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110B7540 X509_STORE_CTX_get0_policy_tree,EVP_PKEY_derive,EVP_CipherInit_ex,EVP_CipherUpdate,CRYPTO_malloc,EVP_CipherUpdate,OPENSSL_cleanse,CRYPTO_free,EVP_CIPHER_CTX_cleanup,EVP_PKEY_CTX_free,5_2_110B7540
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1103F550 BN_MONT_CTX_new,CRYPTO_malloc,BN_init,BN_init,BN_init,5_2_1103F550
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11002560 CRYPTO_realloc,CRYPTO_malloc,5_2_11002560
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11001580 CRYPTO_num_locks,5_2_11001580
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11001590 CRYPTO_destroy_dynlockid,CRYPTO_lock,sk_num,sk_value,sk_set,CRYPTO_lock,CRYPTO_free,CRYPTO_lock,5_2_11001590
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11037590 BN_CTX_new,CRYPTO_malloc,ERR_put_error,5_2_11037590
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1107B590 EVP_PBE_alg_add_type,sk_new,CRYPTO_malloc,ERR_put_error,sk_push,5_2_1107B590
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1104E5A0 DSO_set_filename,ERR_put_error,CRYPTO_malloc,ERR_put_error,BUF_strlcpy,CRYPTO_free,ERR_put_error,5_2_1104E5A0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106D5A0 CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,_strerror,_strncpy,CRYPTO_lock,5_2_1106D5A0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1103F5B0 BN_MONT_CTX_set_locked,CRYPTO_lock,CRYPTO_lock,BN_MONT_CTX_new,BN_MONT_CTX_set,BN_MONT_CTX_free,CRYPTO_lock,BN_MONT_CTX_free,CRYPTO_lock,5_2_1103F5B0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110775B0 EVP_OpenInit,EVP_CIPHER_CTX_init,EVP_DecryptInit_ex,ERR_put_error,CRYPTO_free,RSA_size,CRYPTO_malloc,ERR_put_error,EVP_PKEY_decrypt_old,EVP_CIPHER_CTX_set_key_length,EVP_DecryptInit_ex,OPENSSL_cleanse,CRYPTO_free,5_2_110775B0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110325C0 CRYPTO_ccm128_tag,5_2_110325C0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110725C0 EVP_CIPHER_CTX_cleanup,OPENSSL_cleanse,CRYPTO_free,ENGINE_finish,_memset,5_2_110725C0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1108D5C0 a2i_ASN1_STRING,BIO_gets,CRYPTO_malloc,CRYPTO_realloc,BIO_gets,ERR_put_error,CRYPTO_free,5_2_1108D5C0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1108F5C0 BUF_strdup,BUF_strdup,CRYPTO_malloc,sk_push,5_2_1108F5C0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110B95D0 CRYPTO_malloc,BUF_strdup,BUF_strdup,sk_new_null,sk_push,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,5_2_110B95D0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110025E0 CRYPTO_realloc_clean,CRYPTO_malloc,OPENSSL_cleanse,5_2_110025E0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110595E0 BN_new,ERR_put_error,ASN1_item_new,X509_TRUST_get_flags,ENGINE_get_init_function,EC_POINT_point2oct,CRYPTO_malloc,EC_POINT_point2oct,ASN1_OCTET_STRING_new,ASN1_OCTET_STRING_set,EC_GROUP_get_order,BN_to_ASN1_INTEGER,EC_GROUP_get_cofactor,BN_to_ASN1_INTEGER,ERR_put_error,ASN1_item_free,BN_free,CRYPTO_free,5_2_110595E0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110175F0 DES_ecb3_encrypt,DES_encrypt3,DES_decrypt3,5_2_110175F0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110375F0 BN_CTX_free,CRYPTO_free,CRYPTO_free,5_2_110375F0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110925F0 ASN1_STRING_set0,CRYPTO_free,5_2_110925F0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11023400 AES_ige_encrypt,OpenSSLDie,OpenSSLDie,OpenSSLDie,AES_encrypt,AES_encrypt,AES_decrypt,AES_decrypt,5_2_11023400
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11031410 CRYPTO_gcm128_decrypt,5_2_11031410
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11032410 CRYPTO_ccm128_decrypt_ccm64,_memset,5_2_11032410
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11078410 EVP_PKEY_free,CRYPTO_add_lock,ENGINE_finish,X509_ATTRIBUTE_free,sk_pop_free,CRYPTO_free,5_2_11078410
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1108B410 asn1_do_lock,CRYPTO_add_lock,5_2_1108B410
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11020420 BF_decrypt,5_2_11020420
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1102F420 SEED_cfb128_encrypt,SEED_encrypt,CRYPTO_cfb128_encrypt,5_2_1102F420
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11063420 BIO_new,CRYPTO_malloc,ERR_put_error,BIO_set,CRYPTO_free,5_2_11063420
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1108E420 X509_PKEY_new,CRYPTO_malloc,X509_ALGOR_new,ASN1_STRING_type_new,X509_PKEY_free,ERR_put_error,5_2_1108E420
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106F430 ERR_print_errors_cb,CRYPTO_THREADID_current,X509_TRUST_get_flags,ERR_get_error_line_data,ERR_error_string_n,BIO_snprintf,ERR_get_error_line_data,5_2_1106F430
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1101C440 DES_fcrypt,_memset,DES_set_key_unchecked,5_2_1101C440
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11066440 CRYPTO_malloc,CRYPTO_realloc,5_2_11066440
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106A440 sk_insert,CRYPTO_realloc,5_2_1106A440
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11072440 EVP_DecryptFinal_ex,ERR_put_error,ERR_put_error,OpenSSLDie,ERR_put_error,ERR_put_error,5_2_11072440
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11002450 CRYPTO_free_locked,5_2_11002450
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1102F460 SEED_ofb128_encrypt,SEED_encrypt,CRYPTO_ofb128_encrypt,5_2_1102F460
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11081470 BN_to_ASN1_ENUMERATED,ASN1_STRING_type_new,BN_num_bits,CRYPTO_realloc,ERR_put_error,ASN1_STRING_free,BN_bn2bin,5_2_11081470
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11037480 CRYPTO_malloc,BN_init,5_2_11037480
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1104A480 RSA_setup_blinding,BN_CTX_new,BN_CTX_start,BN_CTX_get,ERR_put_error,ERR_put_error,RAND_status,RAND_add,BN_BLINDING_create_param,ERR_put_error,BN_BLINDING_thread_id,CRYPTO_THREADID_current,BN_CTX_end,BN_CTX_free,BN_free,5_2_1104A480
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110B7480 CMS_RecipientEncryptedKey_cert_cmp,5_2_110B7480
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11002490 CRYPTO_malloc,5_2_11002490
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1102F490 CRYPTO_cbc128_encrypt,5_2_1102F490
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11038490 bn_expand2,CRYPTO_malloc,bn_sub_words,CRYPTO_free,5_2_11038490
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11078490 EVP_PKEY_encrypt_old,ERR_put_error,RSA_public_encrypt,5_2_11078490
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1108B4A0 asn1_enc_free,CRYPTO_free,5_2_1108B4A0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110854A0 i2d_X509_AUX,ASN1_item_i2d,i2d_X509_CERT_AUX,CRYPTO_malloc,CRYPTO_free,5_2_110854A0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110B94B0 sk_new_null,CRYPTO_malloc,BUF_strdup,sk_push,CRYPTO_free,5_2_110B94B0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1108A4C0 ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,BUF_MEM_grow_clean,ERR_put_error,ERR_put_error,ERR_put_error,asn1_ex_c2i,CRYPTO_free,5_2_1108A4C0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110704D0 OBJ_create,a2d_ASN1_OBJECT,CRYPTO_malloc,ERR_put_error,a2d_ASN1_OBJECT,ASN1_OBJECT_create,OBJ_add_object,ASN1_OBJECT_free,CRYPTO_free,5_2_110704D0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1107D4D0 EVP_PKEY_derive_set_peer,ERR_put_error,EVP_PKEY_missing_parameters,EVP_PKEY_cmp_parameters,ERR_put_error,EVP_PKEY_free,CRYPTO_add_lock,ERR_put_error,5_2_1107D4D0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110014E0 CRYPTO_get_new_lockid,sk_new_null,ERR_put_error,BUF_strdup,sk_push,CRYPTO_free,5_2_110014E0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106C4E0 GetVersion,OPENSSL_isservice,GetDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateCompatibleBitmap,GetObjectA,CRYPTO_malloc,GetDIBits,EVP_sha1,EVP_Digest,RAND_add,CRYPTO_free,DeleteObject,ReleaseDC,5_2_1106C4E0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110784E0 EVP_PKEY_decrypt_old,ERR_put_error,RSA_private_decrypt,5_2_110784E0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110634F0 BIO_dup_chain,CRYPTO_malloc,BIO_set,BIO_ctrl,CRYPTO_dup_ex_data,BIO_push,CRYPTO_free,ERR_put_error,BIO_free,BIO_free,5_2_110634F0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1107C4F0 EVP_PKEY_CTX_free,EVP_PKEY_free,EVP_PKEY_free,ENGINE_finish,CRYPTO_free,5_2_1107C4F0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1108B4F0 asn1_enc_save,CRYPTO_free,CRYPTO_malloc,5_2_1108B4F0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11001700 CRYPTO_get_dynlock_destroy_callback,5_2_11001700
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106A700 sk_dup,sk_new,CRYPTO_realloc,CRYPTO_free,CRYPTO_free,5_2_1106A700
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11077700 EVP_SealInit,EVP_CIPHER_CTX_init,EVP_EncryptInit_ex,EVP_CIPHER_CTX_rand_key,X509_get_issuer_name,X509_get_issuer_name,RAND_bytes,EVP_EncryptInit_ex,X509_STORE_CTX_get0_policy_tree,EVP_PKEY_encrypt_old,5_2_11077700
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110B9700 CONF_get1_default_config_file,ossl_safe_getenv,BUF_strdup,X509_get_default_cert_area,CRYPTO_malloc,X509_get_default_cert_area,BUF_strlcpy,BUF_strlcat,BUF_strlcat,5_2_110B9700
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11001710 CRYPTO_set_dynlock_create_callback,5_2_11001710
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1101D710 RC2_ecb_encrypt,RC2_encrypt,RC2_decrypt,5_2_1101D710
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11094710 PEM_SignFinal,EVP_PKEY_size,CRYPTO_malloc,ERR_put_error,EVP_SignFinal,EVP_EncodeBlock,CRYPTO_free,5_2_11094710
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110C4710 ENGINE_pkey_asn1_find_str,CRYPTO_lock,CRYPTO_lock,5_2_110C4710
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11002720 CRYPTO_set_mem_debug_options,5_2_11002720
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11001720 CRYPTO_set_dynlock_lock_callback,5_2_11001720
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1102A720 Camellia_ctr128_encrypt,Camellia_encrypt,CRYPTO_ctr128_encrypt,5_2_1102A720
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11036720 ERR_put_error,ERR_put_error,CRYPTO_malloc,ERR_put_error,5_2_11036720
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11045720 RSA_padding_check_PKCS1_type_2,CRYPTO_malloc,ERR_put_error,OPENSSL_cleanse,CRYPTO_free,ERR_put_error,ERR_put_error,5_2_11045720
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11002730 CRYPTO_get_mem_debug_options,5_2_11002730
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11001730 CRYPTO_set_dynlock_destroy_callback,5_2_11001730
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11044730 RSA_new_method,CRYPTO_malloc,ERR_put_error,_memset,RSA_PKCS1_SSLeay,ENGINE_init,ERR_put_error,CRYPTO_free,ENGINE_get_default_RSA,UI_get0_user_data,ERR_put_error,ENGINE_finish,CRYPTO_free,CRYPTO_new_ex_data,ENGINE_finish,CRYPTO_free,ENGINE_finish,CRYPTO_free_ex_data,CRYPTO_free,5_2_11044730
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11052730 CMS_SharedInfo_encode,CRYPTO_memcmp,5_2_11052730
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11072730 EVP_CIPHER_CTX_copy,ENGINE_init,ERR_put_error,EVP_CIPHER_CTX_cleanup,CRYPTO_malloc,ERR_put_error,ERR_put_error,5_2_11072730
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11082730 ASN1_mbstring_ncopy,UTF8_getc,ERR_put_error,BIO_snprintf,ERR_add_error_data,ERR_put_error,BIO_snprintf,ERR_add_error_data,CRYPTO_free,ASN1_STRING_type_new,ASN1_STRING_set,CRYPTO_malloc,ASN1_STRING_free,ERR_put_error,5_2_11082730
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11002740 CRYPTO_free,5_2_11002740
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11001740 CRYPTO_get_locking_callback,5_2_11001740
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11001750 CRYPTO_get_add_lock_callback,5_2_11001750
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11088750 ASN1_template_new,ASN1_primitive_new,CRYPTO_malloc,_memset,asn1_set_choice_selector,CRYPTO_malloc,_memset,asn1_do_lock,asn1_enc_init,asn1_get_field_ptr,ASN1_template_new,ERR_put_error,ERR_put_error,5_2_11088750
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110C1750 ERR_put_error,CRYPTO_add_lock,CRYPTO_free_ex_data,CRYPTO_free,5_2_110C1750
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11003760 CRYPTO_mem_leaks_fp,CRYPTO_lock,CRYPTO_THREADID_current,CRYPTO_THREADID_cmp,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_THREADID_cpy,CRYPTO_lock,BIO_s_file,BIO_new,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,BIO_ctrl,CRYPTO_mem_leaks,BIO_free,5_2_11003760
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11001760 CRYPTO_set_locking_callback,5_2_11001760
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106D760 ERR_free_strings,CRYPTO_lock,CRYPTO_lock,5_2_1106D760
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1107E760 i2a_ASN1_OBJECT,OBJ_obj2txt,CRYPTO_malloc,OBJ_obj2txt,BIO_write,BIO_write,CRYPTO_free,BIO_write,5_2_1107E760
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110A6760 string_to_hex,ERR_put_error,CRYPTO_malloc,ERR_put_error,ERR_put_error,CRYPTO_free,CRYPTO_free,ERR_put_error,5_2_110A6760
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11002770 CRYPTO_mem_ctrl,CRYPTO_lock,CRYPTO_THREADID_current,CRYPTO_THREADID_cmp,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_THREADID_cpy,CRYPTO_lock,CRYPTO_lock,5_2_11002770
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11001770 CRYPTO_set_add_lock_callback,5_2_11001770
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11040770 BN_GF2m_mod_mul,BN_num_bits,CRYPTO_malloc,BN_GF2m_poly2arr,BN_GF2m_mod_mul_arr,CRYPTO_free,ERR_put_error,CRYPTO_free,5_2_11040770
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11001780 CRYPTO_THREADID_set_numeric,5_2_11001780
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11062780 BUF_MEM_new,CRYPTO_malloc,ERR_put_error,5_2_11062780
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11001790 CRYPTO_THREADID_set_pointer,5_2_11001790
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11061790 ECDSA_get_ex_new_index,CRYPTO_get_ex_new_index,5_2_11061790
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106A790 sk_deep_copy,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,5_2_1106A790
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106F790 OBJ_NAME_remove,lh_delete,sk_num,sk_value,CRYPTO_free,5_2_1106F790
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110017A0 CRYPTO_THREADID_set_callback,5_2_110017A0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110227B0 CAST_decrypt,5_2_110227B0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106EA50 ERR_peek_error_line,ERR_get_state,CRYPTO_free,CRYPTO_free,5_2_1106EA50
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1101FA60 idea_ecb_encrypt,idea_encrypt,5_2_1101FA60
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11062A60 BUF_strndup,CRYPTO_malloc,ERR_put_error,5_2_11062A60
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11094A60 PEM_SealFinal,ERR_put_error,RSA_size,CRYPTO_malloc,ERR_put_error,EVP_EncryptFinal_ex,EVP_EncodeUpdate,EVP_EncodeFinal,EVP_SignFinal,EVP_EncodeBlock,EVP_MD_CTX_cleanup,EVP_CIPHER_CTX_cleanup,CRYPTO_free,5_2_11094A60
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11002A70 CRYPTO_push_info_,CRYPTO_is_mem_check_on,CRYPTO_lock,CRYPTO_THREADID_current,CRYPTO_THREADID_cmp,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_THREADID_cpy,CRYPTO_lock,CRYPTO_malloc,lh_new,CRYPTO_free,CRYPTO_THREADID_current,lh_insert,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,5_2_11002A70
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11018A70 DES_enc_read,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_malloc,__read,__read,DES_pcbc_encrypt,DES_cbc_encrypt,DES_pcbc_encrypt,DES_cbc_encrypt,DES_pcbc_encrypt,DES_cbc_encrypt,5_2_11018A70
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11031A70 CRYPTO_gcm128_finish,CRYPTO_memcmp,5_2_11031A70
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11044A70 RSA_memory_lock,CRYPTO_malloc_locked,ERR_put_error,BN_clear_free,5_2_11044A70
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11020A80 BF_cfb64_encrypt,BF_encrypt,BF_encrypt,5_2_11020A80
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11053A90 EC_GROUP_free,BN_MONT_CTX_free,CRYPTO_free,BN_free,BN_free,CRYPTO_free,CRYPTO_free,5_2_11053A90
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11003AA0 ASN1_PCTX_free,sk_pop_free,CRYPTO_free,5_2_11003AA0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11014AA0 CMAC_Init,EVP_EncryptInit_ex,X509_get_serialNumber,_memset,EVP_EncryptInit_ex,pqueue_peek,EVP_CIPHER_CTX_set_key_length,EVP_EncryptInit_ex,X509_get_serialNumber,EVP_Cipher,OPENSSL_cleanse,EVP_EncryptInit_ex,_memset,5_2_11014AA0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106DAA0 ERR_remove_thread_state,CRYPTO_THREADID_cpy,CRYPTO_THREADID_current,CRYPTO_lock,CRYPTO_lock,5_2_1106DAA0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11093AA0 ASN1_item_pack,ASN1_STRING_new,ERR_put_error,CRYPTO_free,ASN1_item_i2d,ERR_put_error,5_2_11093AA0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1103EAB0 BN_RECP_CTX_new,CRYPTO_malloc,BN_init,BN_init,5_2_1103EAB0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11003AC0 CRYPTO_lock,lh_retrieve,CRYPTO_malloc,sk_new_null,CRYPTO_free,lh_insert,lh_retrieve,sk_free,CRYPTO_free,CRYPTO_lock,ERR_put_error,5_2_11003AC0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1101AAC0 DES_encrypt2,5_2_1101AAC0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11092AD0 ASN1_STRING_new,CRYPTO_malloc,ERR_put_error,5_2_11092AD0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110D3AD0 CRYPTO_malloc,BUF_strdup,BN_bin2bn,CRYPTO_free,CRYPTO_free,5_2_110D3AD0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11017AE0 DES_ede3_cfb_encrypt,DES_encrypt3,DES_encrypt3,5_2_11017AE0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11062AE0 BUF_memdup,CRYPTO_malloc,ERR_put_error,5_2_11062AE0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11089AE0 asn1_ex_c2i,ASN1_TYPE_new,ASN1_TYPE_set,c2i_ASN1_OBJECT,ERR_put_error,ASN1_TYPE_free,c2i_ASN1_BIT_STRING,c2i_ASN1_INTEGER,ASN1_STRING_type_new,CRYPTO_free,ASN1_STRING_set,ERR_put_error,ASN1_STRING_free,5_2_11089AE0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11032AF0 CRYPTO_128_unwrap,OPENSSL_cleanse,5_2_11032AF0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11045AF0 RSA_padding_check_SSLv23,CRYPTO_malloc,ERR_put_error,OPENSSL_cleanse,CRYPTO_free,ERR_put_error,ERR_put_error,5_2_11045AF0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106FAF0 OBJ_NAME_init,CRYPTO_mem_ctrl,lh_new,CRYPTO_mem_ctrl,5_2_1106FAF0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11072D20 EVP_DecryptInit,_memset,EVP_CipherInit_ex,5_2_11072D20
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11070D30 OBJ_txt2obj,OBJ_sn2nid,OBJ_ln2nid,OBJ_nid2obj,a2d_ASN1_OBJECT,ASN1_object_size,CRYPTO_malloc,ASN1_put_object,a2d_ASN1_OBJECT,d2i_ASN1_OBJECT,CRYPTO_free,5_2_11070D30
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11052D40 EC_GROUP_set_seed,CRYPTO_free,CRYPTO_malloc,5_2_11052D40
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106DD40 ERR_set_error_data,ERR_get_state,CRYPTO_free,5_2_1106DD40
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11077D40 EVP_PKEY_new,CRYPTO_malloc,ERR_put_error,5_2_11077D40
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11071D50 EVP_MD_CTX_copy_ex,ENGINE_init,ERR_put_error,EVP_MD_CTX_set_flags,EVP_MD_CTX_cleanup,EVP_PKEY_CTX_dup,EVP_MD_CTX_cleanup,CRYPTO_malloc,ERR_put_error,ERR_put_error,5_2_11071D50
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11018D60 DES_enc_write,CRYPTO_malloc,DES_enc_write,RAND_bytes,_shadow_DES_rw_mode,DES_pcbc_encrypt,DES_cbc_encrypt,__locking,5_2_11018D60
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11031D60 CRYPTO_ccm128_encrypt,_memset,5_2_11031D60
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11056D60 CRYPTO_malloc,BN_num_bits,CRYPTO_malloc,BN_is_bit_set,ERR_put_error,CRYPTO_free,5_2_11056D60
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1105AD70 EC_KEY_up_ref,CRYPTO_add_lock,5_2_1105AD70
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11084D70 CRYPTO_free,sk_num,sk_new_null,sk_num,sk_value,sk_new_null,sk_push,ASN1_item_new,OBJ_dup,sk_push,sk_num,CRYPTO_malloc,sk_free,ASN1_item_free,sk_pop_free,5_2_11084D70
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11096D70 PEM_bytes_read_bio,PEM_read_bio,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_peek_error,ERR_add_error_data,PEM_get_EVP_CIPHER_INFO,PEM_do_header,CRYPTO_free,CRYPTO_free,CRYPTO_free,5_2_11096D70
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1101AD80 DES_ncbc_encrypt,DES_encrypt1,DES_encrypt1,DES_encrypt1,5_2_1101AD80
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1101FD80 BF_set_key,BF_encrypt,BF_encrypt,5_2_1101FD80
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11023D80 AES_wrap_key,AES_encrypt,CRYPTO_128_wrap,5_2_11023D80
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1107ED80 ASN1_BIT_STRING_set_bit,CRYPTO_malloc,CRYPTO_realloc_clean,ERR_put_error,_memset,5_2_1107ED80
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11001D90 CRYPTO_memcmp,5_2_11001D90
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11002D90 CRYPTO_remove_all_info,CRYPTO_is_mem_check_on,CRYPTO_lock,CRYPTO_THREADID_current,CRYPTO_THREADID_cmp,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_THREADID_cpy,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,5_2_11002D90
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11003D90 CRYPTO_ex_data_new_class,CRYPTO_lock,CRYPTO_lock,5_2_11003D90
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106AD90 lh_new,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,5_2_1106AD90
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11067D90 BIO_accept,accept,BIO_sock_should_retry,WSAGetLastError,ERR_put_error,ERR_put_error,DSO_global_lookup,htonl,htons,CRYPTO_malloc,ERR_put_error,BIO_snprintf,CRYPTO_realloc,CRYPTO_malloc,BIO_snprintf,5_2_11067D90
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1102FDA0 CRYPTO_nistcts128_encrypt,5_2_1102FDA0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11046DA0 RSA_verify_PKCS1_PSS_mgf1,EVP_MD_CTX_init,EVP_MD_size,BN_num_bits,RSA_size,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_malloc,ERR_put_error,PKCS1_MGF1,ERR_put_error,ERR_put_error,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,ERR_put_error,CRYPTO_free,EVP_MD_CTX_cleanup,5_2_11046DA0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106DDA0 ERR_add_error_vdata,CRYPTO_malloc,CRYPTO_realloc,BUF_strlcat,ERR_get_state,CRYPTO_free,CRYPTO_free,5_2_1106DDA0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11023DB0 AES_unwrap_key,AES_decrypt,CRYPTO_128_unwrap,5_2_11023DB0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11060DB0 ENGINE_finish,CRYPTO_free_ex_data,OPENSSL_cleanse,CRYPTO_free,5_2_11060DB0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1107FDB0 c2i_ASN1_INTEGER,ASN1_STRING_type_new,CRYPTO_malloc,ERR_put_error,ASN1_STRING_free,CRYPTO_free,5_2_1107FDB0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11001DC0 CRYPTO_lock,CRYPTO_get_dynlock_value,CRYPTO_destroy_dynlockid,OpenSSLDie,5_2_11001DC0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1101CDC0 DES_ede3_cbcm_encrypt,DES_encrypt1,DES_encrypt1,DES_encrypt1,DES_encrypt1,DES_encrypt1,DES_encrypt1,DES_encrypt1,DES_encrypt1,5_2_1101CDC0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11014DC0 CMAC_resume,EVP_EncryptInit_ex,5_2_11014DC0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11092DC0 ASN1_STRING_new,ASN1_get_object,CRYPTO_malloc,ASN1_STRING_free,CRYPTO_free,CRYPTO_free,5_2_11092DC0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11044DD0 i2d_X509_SIG,OPENSSL_cleanse,CRYPTO_free,5_2_11044DD0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11003DF0 CRYPTO_cleanup_all_ex_data,CRYPTO_lock,CRYPTO_lock,5_2_11003DF0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1104BC00 DSA_up_ref,CRYPTO_add_lock,5_2_1104BC00
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11072C00 EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_cleanup,CRYPTO_free,5_2_11072C00
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11088C10 ASN1_template_free,ASN1_primitive_free,asn1_get_choice_selector,asn1_get_field_ptr,ASN1_template_free,asn1_do_lock,asn1_enc_free,asn1_do_adb,asn1_get_field_ptr,ASN1_template_free,CRYPTO_free,5_2_11088C10
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11038C20 BN_bn2dec,BN_num_bits,CRYPTO_malloc,CRYPTO_malloc,BN_dup,BN_div_word,BIO_snprintf,BIO_snprintf,CRYPTO_free,BN_free,CRYPTO_free,ERR_put_error,5_2_11038C20
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110A0C2E sk_value,sk_num,CRYPTO_malloc,sk_push,CRYPTO_free,5_2_110A0C2E
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106AC20 CRYPTO_realloc,5_2_1106AC20
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110A5C20 X509V3_EXT_print,X509V3_EXT_get,ASN1_item_d2i,BIO_printf,X509V3_EXT_val_prn,X509V3_conf_free,sk_pop_free,CRYPTO_free,ASN1_item_free,5_2_110A5C20
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1102FC30 CRYPTO_nistcts128_encrypt_block,CRYPTO_cbc128_encrypt,5_2_1102FC30
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11031C30 CRYPTO_ccm128_setiv,5_2_11031C30
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110D3C3E sk_value,sk_num,sk_insert,CRYPTO_free,BN_free,CRYPTO_free,5_2_110D3C3E
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106EC30 ERR_peek_error_line_data,ERR_get_state,CRYPTO_free,CRYPTO_free,5_2_1106EC30
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11002C40 CRYPTO_pop_info,CRYPTO_is_mem_check_on,CRYPTO_lock,CRYPTO_THREADID_current,CRYPTO_THREADID_cmp,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_THREADID_cpy,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,5_2_11002C40
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11062C40 BIO_set,CRYPTO_new_ex_data,CRYPTO_free_ex_data,5_2_11062C40
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11071C40 EVP_MD_CTX_cleanup,EVP_MD_CTX_test_flags,EVP_MD_CTX_test_flags,OPENSSL_cleanse,CRYPTO_free,EVP_PKEY_CTX_free,ENGINE_finish,5_2_11071C40
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11081C40 ASN1_item_sign_ctx,X509_NAME_ENTRY_get_object,UI_get0_user_data,EVP_MD_CTX_cleanup,OPENSSL_cleanse,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,ERR_put_error,pqueue_peek,OBJ_find_sigid_by_algs,OBJ_nid2obj,X509_ALGOR_set0,OBJ_nid2obj,X509_ALGOR_set0,ASN1_item_i2d,EVP_PKEY_size,CRYPTO_malloc,EVP_DigestUpdate,EVP_DigestSignFinal,CRYPTO_free,ERR_put_error,ERR_put_error,ERR_put_error,5_2_11081C40
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110B9C40 CONF_modules_load_file,NCONF_new,CONF_get1_default_config_file,NCONF_load,ERR_peek_last_error,ERR_clear_error,CONF_modules_load,CRYPTO_free,NCONF_free,5_2_110B9C40
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1101AC50 DES_decrypt3,DES_encrypt2,DES_encrypt2,DES_encrypt2,5_2_1101AC50
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11022C50 CAST_cbc_encrypt,CAST_encrypt,CAST_decrypt,CAST_decrypt,5_2_11022C50
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1102AC50 Camellia_decrypt,5_2_1102AC50
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1107EC50 c2i_ASN1_BIT_STRING,ASN1_STRING_type_new,CRYPTO_malloc,ERR_put_error,ASN1_STRING_free,CRYPTO_free,5_2_1107EC50
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11020C80 BF_ofb64_encrypt,BF_encrypt,5_2_11020C80
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1104BC90 DSA_get_ex_new_index,CRYPTO_get_ex_new_index,5_2_1104BC90
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11056C90 CRYPTO_add_lock,EC_POINT_free,CRYPTO_free,CRYPTO_free,5_2_11056C90
                  Source: rfusclient.exe, 00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_ac61599e-6

                  Compliance

                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeUnpacked PE file: 4.2.rfusclient.exe.650000.0.unpack
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeFile created: C:\ProgramData\Remote Utilities\install.log
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\EULA.rtf
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\OpenSSL\Temp\openssl-1.0.2u-x32\out32dll\ssleay32.pdb source: rutserv.exe, 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                  Source: Binary string: C:\OpenSSL\Temp\openssl-1.0.2u-x32\out32dll\libeay32.pdb source: rutserv.exe, 00000005.00000002.1776824610.00000000110EA000.00000002.00000001.01000000.0000000B.sdmp
                  Source: Binary string: C:\OpenSSL\Temp\openssl-1.0.2u-x32\out32dll\ssleay32.pdb@W source: rutserv.exe, 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                  Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000000.1646535165.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                  Source: C:\Windows\System32\msiexec.exeFile opened: z:
                  Source: C:\Windows\System32\msiexec.exeFile opened: x:
                  Source: C:\Windows\System32\msiexec.exeFile opened: v:
                  Source: C:\Windows\System32\msiexec.exeFile opened: t:
                  Source: C:\Windows\System32\msiexec.exeFile opened: r:
                  Source: C:\Windows\System32\msiexec.exeFile opened: p:
                  Source: C:\Windows\System32\msiexec.exeFile opened: n:
                  Source: C:\Windows\System32\msiexec.exeFile opened: l:
                  Source: C:\Windows\System32\msiexec.exeFile opened: j:
                  Source: C:\Windows\System32\msiexec.exeFile opened: h:
                  Source: C:\Windows\System32\msiexec.exeFile opened: f:
                  Source: C:\Windows\System32\msiexec.exeFile opened: b:
                  Source: C:\Windows\System32\msiexec.exeFile opened: y:
                  Source: C:\Windows\System32\msiexec.exeFile opened: w:
                  Source: C:\Windows\System32\msiexec.exeFile opened: u:
                  Source: C:\Windows\System32\msiexec.exeFile opened: s:
                  Source: C:\Windows\System32\msiexec.exeFile opened: q:
                  Source: C:\Windows\System32\msiexec.exeFile opened: o:
                  Source: C:\Windows\System32\msiexec.exeFile opened: m:
                  Source: C:\Windows\System32\msiexec.exeFile opened: k:
                  Source: C:\Windows\System32\msiexec.exeFile opened: i:
                  Source: C:\Windows\System32\msiexec.exeFile opened: g:
                  Source: C:\Windows\System32\msiexec.exeFile opened: e:
                  Source: C:\Windows\System32\msiexec.exeFile opened: c:
                  Source: C:\Windows\System32\msiexec.exeFile opened: a:
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeCode function: 0_2_00007FF6CDB240CC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6CDB240CC
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeCode function: 0_2_00007FF6CDB3B070 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6CDB3B070
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeCode function: 0_2_00007FF6CDB4FB80 FindFirstFileExA,0_2_00007FF6CDB4FB80
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11004940 OPENSSL_DIR_read,_malloc,_memset,_malloc,FindFirstFileA,FindNextFileA,_strncpy,5_2_11004940
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110D9950 __getdrive,FindFirstFileA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,5_2_110D9950
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeFile opened: C:\Windows\SysWOW64\wininet.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeFile opened: C:\Windows\SysWOW64\winspool.drv
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\COMCTL32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeFile opened: C:\Windows\SysWOW64\
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeFile opened: C:\Windows\SysWOW64\winmm.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 4x nop then movd mm0, dword ptr [edx]5_2_1103CBB0

                  Networking

                  Source: global trafficTCP traffic: 101.99.94.54 ports 5651,1,465,5,6,80
                  Source: global trafficTCP traffic: 192.168.2.4:49734 -> 185.70.104.90:5651
                  Source: global trafficTCP traffic: 192.168.2.4:49735 -> 101.99.94.54:5651
                  Source: global trafficTCP traffic: 192.168.2.4:49738 -> 77.105.132.70:5651
                  Source: global trafficTCP traffic: 192.168.2.4:49741 -> 64.20.61.146:5655
                  Source: global trafficTCP traffic: 192.168.2.4:49818 -> 66.23.226.254:5655
                  Source: Joe Sandbox ViewIP Address: 77.105.132.70 77.105.132.70
                  Source: Joe Sandbox ViewIP Address: 64.20.61.146 64.20.61.146
                  Source: Joe Sandbox ViewIP Address: 185.70.104.90 185.70.104.90
                  Source: Joe Sandbox ViewIP Address: 66.23.226.254 66.23.226.254
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.70.104.90
                  Source: unknownTCP traffic detected without corresponding DNS query: 101.99.94.54
                  Source: unknownTCP traffic detected without corresponding DNS query: 77.105.132.70
                  Source: unknown - DNS traffic detected: queries for: id72.remoteutilities.com
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1919901189.0000000002036000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2987878555.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001F9A000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006700000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2705508739.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2902670220.0000000001FBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalG3CodeSigningECCSHA3842021CA1.crt0
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt0B
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001FD2000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1919901189.0000000002036000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1919901189.0000000002036000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2102000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001F9A000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2902670220.0000000001FBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalG3CodeSigningECCSHA3842021CA1.crl0N
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG3.crl0
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001FD2000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1919901189.0000000002036000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2102000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2987878555.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001F9A000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006700000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2705508739.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2902670220.0000000001FBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalG3CodeSigningECCSHA3842021CA1.crl0=
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                  Source: rfusclient.exe, 00000004.00000000.1714769466.0000000000651000.00000020.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1849563793.000000007B8C0000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1859762685.000000007CCF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://madExcept.comU
                  Source: rutserv.exe, 00000009.00000002.2987513831.00000000066C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com
                  Source: rutserv.exe, 00000009.00000003.1919101620.0000000006708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/
                  Source: rutserv.exe, 00000009.00000003.1919101620.00000000066E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/G
                  Source: rutserv.exe, 00000009.00000003.2512955936.00000000066CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSE67Nbq3jfQQg8yXEpbmqLTNn7XwQUm1%2BwNrqdBq4ZJ
                  Source: rutserv.exe, 00000009.00000003.1921331716.0000000001FFB000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2511488577.0000000001FFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuN
                  Source: rutserv.exe, 00000009.00000002.2987878555.00000000066EB000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1919101620.00000000066E8000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.00000000066EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/O
                  Source: rutserv.exe, 00000009.00000003.1919101620.0000000006708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/p
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1919901189.0000000002036000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1919901189.0000000002036000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2102000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2987878555.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001F9A000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006700000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2705508739.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2902670220.0000000001FBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0W
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001FD2000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                  Source: rutserv.exe, 00000009.00000002.2987513831.00000000066C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.coma
                  Source: rutserv.exe, 00000009.00000003.1919901189.0000000002036000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2704405939.0000000002026000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalG3CodeSigningECCSHA3842021CA1.crlhttp
                  Source: rutserv.exe, 00000009.00000002.2902670220.0000000001FFF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FFB000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2511488577.0000000001FFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG3.crl
                  Source: rutserv.exe, 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000005.00000000.1747218595.0000000001739000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://rmansys.ru/internet-id/
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0
                  Source: rfusclient.exe, 00000004.00000000.1714769466.0000000000651000.00000020.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1849563793.000000007B8C0000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1859762685.000000007CCF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                  Source: rfusclient.exe, 00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0a
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
                  Source: rutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1869888513.000000007E7E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://update.remoteutilities.net/upgrade.ini
                  Source: rutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1869888513.000000007E7E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://update.remoteutilities.net/upgrade_beta.ini
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2102000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2987878555.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001F9A000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006700000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2705508739.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2902670220.0000000001FBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.flexerasoftware.com0
                  Source: rfusclient.exe, 00000004.00000003.1728446387.00000000033EC000.00000004.00001000.00020000.00000000.sdmp, rfusclient.exe, 00000004.00000000.1714769466.0000000000E4E000.00000020.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1736259820.000000000122A000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000002.2909594242.0000000002675000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.indyproject.org/
                  Source: rfusclient.exe, 00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inkscape.org/namespaces/inkscape
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, File created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3EC49180A59F0C351C30F112AD97CFA5_ED80F76A55EEDF047A88FD3F37D62FA3
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, File created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_C5856A5EB1E3B74AE8014850A678CDBF

                  System Summary

                  Source: 4.0.rfusclient.exe.650000.0.unpack, type: UNPACKEDPE, Matched rule: RemoteUtilitiesRAT RAT payload, Author: ditekSHen
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, type: DROPPED, Matched rule: RemoteUtilitiesRAT RAT payload, Author: ditekSHen
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, type: DROPPED, Matched rule: RemoteUtilitiesRAT RAT payload, Author: ditekSHen
                  Source: initial sample, Static PE information: Filename: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, Code function: 0_2_00007FF6CDB1C300: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
                  Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\49a7b6.msi
                  Source: C:\Windows\System32\msiexec.exe, File deleted: C:\Windows\Installer\MSIAB6F.tmp
Source: rutserv.exe.2.dr, Static PE information: Resource name: RT_RCDATA, type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: rfusclient.exe.2.dr, Static PE information: Resource name: MAD, type: DOS executable (COM, 0x8C-variant)
Source: rfusclient.exe.2.dr, Static PE information: Resource name: RT_RCDATA, type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: unires_vpd.dll.2.dr, Static PE information: Resource name: None, type: COM executable for DOS
Source: unidrvui_rupd.dll0.2.dr, Static PE information: Resource name: RT_VERSION, type: COM executable for DOS
Source: unires_vpd.dll0.2.dr, Static PE information: Resource name: None, type: COM executable for DOS
Source: rutserv.exe.2.dr, Static PE information: Number of sections : 11 > 10
Source: rfusclient.exe.2.dr, Static PE information: Number of sections : 11 > 10
Source: unires_vpd.dll0.2.dr, Static PE information: No import functions for PE file found
Source: unires_vpd.dll.2.dr, Static PE information: No import functions for PE file found
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilename_IsIcoRes.exe< vs 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameSetAllUsers.dll< vs 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameISRegSvr.dll vs 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilename_IsIcoRes.exe< vs 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilename_IsIcoRes.exe< vs 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: oleacc.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: dwmapi.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: msimg32.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: c_is2022.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: c_g18030.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: c_iscii.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: libeay32.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: ssleay32.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: idndl.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: msxml6.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: devobj.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: cryptnet.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: winhttp.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: shfolder.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: msasn1.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: faultrep.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: dbghelp.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: dbgcore.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: ntmarta.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: olepro32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: oleacc.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: msimg32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: c_is2022.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: c_g18030.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: c_iscii.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: libeay32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: ssleay32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: netapi32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: netutils.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: wkscli.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: srvcli.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: cryptsp.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: rsaenh.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: cryptbase.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: firewallapi.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: dnsapi.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: fwbase.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: fwpolicyiomgr.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeSection loaded: sxs.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: oledlg.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: shfolder.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: msacm32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: faultrep.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: dbghelp.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: dbgcore.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: ntmarta.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: olepro32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: msftedit.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: fwpuclnt.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: idndl.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: profapi.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: msxml6.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: userenv.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: oledlg.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: shfolder.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: msacm32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: faultrep.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: dbghelp.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: dbgcore.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: ntmarta.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: olepro32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: msftedit.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: fwpuclnt.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: idndl.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: profapi.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: dnsapi.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: msxml6.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: textshaping.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: dataexchange.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: d3d11.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: dcomp.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: dxgi.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: twinapi.appcore.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: oledlg.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: shfolder.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: msacm32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: faultrep.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: dbghelp.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: dbgcore.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: ntmarta.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: olepro32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: msftedit.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: fwpuclnt.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: idndl.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeSection loaded: profapi.dll
                  Source: 4.0.rfusclient.exe.650000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RemoteUtilitiesRAT author = ditekSHen, description = RemoteUtilitiesRAT RAT payload, clamav_sig = MALWARE.Win.Trojan.RemoteUtilitiesRAT
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, type: DROPPED, Matched rule: MALWARE_Win_RemoteUtilitiesRAT author = ditekSHen, description = RemoteUtilitiesRAT RAT payload, clamav_sig = MALWARE.Win.Trojan.RemoteUtilitiesRAT
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, type: DROPPED, Matched rule: MALWARE_Win_RemoteUtilitiesRAT author = ditekSHen, description = RemoteUtilitiesRAT RAT payload, clamav_sig = MALWARE.Win.Trojan.RemoteUtilitiesRAT
                  Source: unires_vpd.dll0.2.dr, Static PE information: Section .rsrc
                  Source: unires_vpd.dll.2.dr, Static PE information: Section .rsrc
                  Source: classification engine, Classification label: mal100.troj.evad.winEXE@23/88@2/5
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, Code function: 0_2_00007FF6CDB1B6E8 GetLastError,FormatMessageW,LocalFree,0_2_00007FF6CDB1B6E8
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Code function: 5_2_1106C670 RAND_poll,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,RAND_add,RAND_add,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,RAND_add,RAND_add,FreeLibrary,GetVersion,OPENSSL_isservice,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,RAND_add,GetVersion,GetVersion,RAND_add,RAND_add,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,Heap32ListFirst,RAND_add,Heap32First,RAND_add,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,Process32First,RAND_add,GetTickCount,GetTickCount,GetTickCount,RAND_add,GetTickCount,GetTickCount,RAND_add,GetTickCount,FindCloseChangeNotification,FreeLibrary,GlobalMemoryStatus,RAND_add,GetCurrentProcessId,RAND_add,5_2_1106C670
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, Code function: 0_2_00007FF6CDB38504 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00007FF6CDB38504
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Code function: 9_2_007F4CA4 StartServiceCtrlDispatcherW,9_2_007F4CA4
                  Source: C:\Windows\System32\msiexec.exe, File created: C:\Program Files (x86)\Remote Utilities - Host
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1f70
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Mutant created: \BaseNamedObjects\HookTThread$1ec4
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\RManFUSTray
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Mutant created: NULL
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1f84
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1dfc
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Mutant created: \BaseNamedObjects\madExceptSettingsMtx$1ec4
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Mutant created: \Sessions\1\BaseNamedObjects\HookTThread$1f84
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\RManFUSLocal
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Mutant created: \Sessions\1\BaseNamedObjects\HookTThread$1f70
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1dd8
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Mutant created: \BaseNamedObjects\madExceptSettingsMtx$1f48
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1e5c
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1398
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1db0
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_4825296
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, File read: C:\Windows\win.ini
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, Virustotal: Detection: 28%
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, File read: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
                  Source: unknown, Process created: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i Exel.msi /qn
                  Source: unknown, Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                  Source: C:\Windows\System32\msiexec.exe, Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 494BECA00E3009394CA5F2713F238EA9
                  Source: C:\Windows\System32\msiexec.exe, Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\user\AppData\Local\Temp\Exel.msi
                  Source: C:\Windows\System32\msiexec.exe, Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /silentinstall
                  Source: C:\Windows\System32\msiexec.exe, Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /firewall
                  Source: C:\Windows\System32\msiexec.exe, Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /start
                  Source: unknown, Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -service
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -firewall
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeProcess created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile written: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\rupd.iniJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLLJump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: Image base 0x140000000 > 0x60000000
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic file information: File size 20949417 > 1048576
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\OpenSSL\Temp\openssl-1.0.2u-x32\out32dll\ssleay32.pdb source: rutserv.exe, 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                  Source: Binary string: C:\OpenSSL\Temp\openssl-1.0.2u-x32\out32dll\libeay32.pdb source: rutserv.exe, 00000005.00000002.1776824610.00000000110EA000.00000002.00000001.01000000.0000000B.sdmp
                  Source: Binary string: C:\OpenSSL\Temp\openssl-1.0.2u-x32\out32dll\ssleay32.pdb@W source: rutserv.exe, 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                  Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000000.1646535165.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                  Data Obfuscation

                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeUnpacked PE file: 4.2.rfusclient.exe.650000.0.unpack
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106C670 RAND_poll,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,RAND_add,RAND_add,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,RAND_add,RAND_add,FreeLibrary,GetVersion,OPENSSL_isservice,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,RAND_add,GetVersion,GetVersion,RAND_add,RAND_add,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,Heap32ListFirst,RAND_add,Heap32First,RAND_add,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,Process32First,RAND_add,GetTickCount,GetTickCount,GetTickCount,RAND_add,GetTickCount,GetTickCount,RAND_add,GetTickCount,FindCloseChangeNotification,FreeLibrary,GlobalMemoryStatus,RAND_add,GetCurrentProcessId,RAND_add,5_2_1106C670
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeFile created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_4825296Jump to behavior
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: section name: .didat
                  Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeStatic PE information: section name: _RDATA
                  Source: vp8decoder.dll.2.drStatic PE information: section name: .rodata
                  Source: vp8encoder.dll.2.drStatic PE information: section name: .rodata
                  Source: webmvorbisdecoder.dll.2.drStatic PE information: section name: _RDATA
                  Source: webmvorbisencoder.dll.2.drStatic PE information: section name: _RDATA
                  Source: vccorlib120.dll.2.drStatic PE information: section name: minATL
                  Source: rutserv.exe.2.drStatic PE information: section name: .didata
                  Source: rfusclient.exe.2.drStatic PE information: section name: .didata
                  Source: eventmsg.dll.2.drStatic PE information: section name: .didata
                  Source: vccorlib120.dll0.2.drStatic PE information: section name: minATL
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110DF38D push ecx; ret 5_2_110DF3A0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_12035721 push ecx; ret 5_2_12035734
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 9_2_007CBF79 push 34007CC2h; retn 007Ch9_2_007CC035
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 9_2_007CC270 push 34007CC2h; retn 007Ch9_2_007CC34D
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 9_2_007CCA5F pushfd ; retf 007Ch9_2_007CCA6B
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 9_2_007CC554 push 34007CC2h; retn 007Ch9_2_007CC611
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 9_2_007CC2B0 push 34007CC2h; retn 007Ch9_2_007CC34D
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 9_2_007CCBA9 pushfd ; retf 007Ch9_2_007CCBAA
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 9_2_007CC2A0 push eax; ret 9_2_007CC2A5
                  Source: msvcr120.dll.2.drStatic PE information: section name: .text entropy: 6.95576372950548
                  Source: VPDAgent.exe.2.drStatic PE information: section name: .text entropy: 6.812931691200469
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrv_rupd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdpm.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\en_server_settings_E3BFC76BE38F4CF79D2ED7163B7DECEE.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\libeay32.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\MessageBox.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\webmmux.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\vp8decoder.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpdisp.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\VPDAgent.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\properties.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\setupdrv.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\pdfout.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unires_vpd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpd_sdk.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\unidrv_rupd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\ssleay32.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\en_server_start_85DB64512C79429FA70AC6C0611579DD.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\vccorlib120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\fwproc.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\ARPPRODUCTICON.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\en_server_stop_B603677802D142C98E7A415B72132E14.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\rupdui.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcr120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcp120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\unidrvui_rupd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\vccorlib120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\unires_vpd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\emf2pdf.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\webmvorbisdecoder.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\UNINST_Uninstall_R_3B1E3C8B7D0945898DA82CEEED02F0C7.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\webmvorbisencoder.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIAB6F.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcr120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcp120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\eventmsg.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\progressbar.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\srvinst.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\rupdpm.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\vp8encoder.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdui.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrvui_rupd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\setupdrv.exeJump to dropped file
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeFile created: C:\ProgramData\Remote Utilities\install.logJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Utilities - Host\EULA.rtfJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 9_2_007F4CA4 StartServiceCtrlDispatcherW,9_2_007F4CA4

                  Hooking and other Techniques for Hiding and Protection

                  Source: Possible double extension: pdf.exeStatic PE information: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106C670 RAND_poll,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,RAND_add,RAND_add,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,RAND_add,RAND_add,FreeLibrary,GetVersion,OPENSSL_isservice,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,RAND_add,GetVersion,GetVersion,RAND_add,RAND_add,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,Heap32ListFirst,RAND_add,Heap32First,RAND_add,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,Process32First,RAND_add,GetTickCount,GetTickCount,GetTickCount,RAND_add,GetTickCount,GetTickCount,RAND_add,GetTickCount,FindCloseChangeNotification,FreeLibrary,GlobalMemoryStatus,RAND_add,GetCurrentProcessId,RAND_add,5_2_1106C670
                  Source: C:\Windows\System32\msiexec.exeKey value created or modified: HKEY_LOCAL_MACHINE\SYSTEM\Remote Utilities Host Installer SecurityJump to behavior
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe System information queried: FirmwareTableInformation
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe System information queried: FirmwareTableInformation
                  Source: rutserv.exe, 00000005.00000000.1736259820.0000000000D41000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000005.00000002.1774897369.0000000001858000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000008.00000002.1914436857.0000000001EF8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXE
                  Source: rutserv.exe, 00000005.00000002.1774897369.0000000001858000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXEC
                  Source: rutserv.exe, 00000008.00000002.1914436857.0000000001EF8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXEE0
                  Source: rutserv.exe, 00000005.00000002.1774897369.0000000001858000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXET
                  Source: rutserv.exe, 00000008.00000002.1914436857.0000000001EF8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXEW
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11004DE0 rdtsc 5_2_11004DE0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_1106C670 RAND_poll,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,RAND_add,RAND_add,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,RAND_add,RAND_add,FreeLibrary,GetVersion,OPENSSL_isservice,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,RAND_add,GetVersion,GetVersion,RAND_add,RAND_add,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,Heap32ListFirst,RAND_add,Heap32First,RAND_add,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,Process32First,RAND_add,GetTickCount,GetTickCount,GetTickCount,RAND_add,GetTickCount,GetTickCount,RAND_add,GetTickCount,FindCloseChangeNotification,FreeLibrary,GlobalMemoryStatus,RAND_add,GetCurrentProcessId,RAND_add,5_2_1106C670
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Window / User API: threadDelayed 5772
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Window / User API: threadDelayed 1371
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Window / User API: threadDelayed 5216
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Window / User API: threadDelayed 4281
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrv_rupd.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdpm.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\en_server_settings_E3BFC76BE38F4CF79D2ED7163B7DECEE.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\MessageBox.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\webmmux.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\vp8decoder.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpdisp.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\VPDAgent.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\properties.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\setupdrv.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\pdfout.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unires_vpd.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpd_sdk.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\unidrv_rupd.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\en_server_start_85DB64512C79429FA70AC6C0611579DD.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\fwproc.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\vccorlib120.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\ARPPRODUCTICON.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\en_server_stop_B603677802D142C98E7A415B72132E14.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\rupdui.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcp120.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcr120.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\unidrvui_rupd.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\vccorlib120.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\unires_vpd.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\emf2pdf.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\UNINST_Uninstall_R_3B1E3C8B7D0945898DA82CEEED02F0C7.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\webmvorbisdecoder.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\webmvorbisencoder.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcr120.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIAB6F.tmp
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcp120.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\eventmsg.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\progressbar.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\srvinst.exe
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\rupdpm.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\vp8encoder.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrvui_rupd.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdui.dll
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\setupdrv.exe
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe API coverage: 0.4 %
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 7952 Thread sleep count: 5772 > 30
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 7952 Thread sleep time: -5772000s >= -30000s
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8004 Thread sleep time: -50000s >= -30000s
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8032 Thread sleep time: -60000s >= -30000s
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8076 Thread sleep time: -180000s >= -30000s
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8084 Thread sleep time: -35000s >= -30000s
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8088 Thread sleep time: -60000s >= -30000s
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8044 Thread sleep count: 1371 > 30
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8092 Thread sleep time: -40000s >= -30000s
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8188 Thread sleep time: -30000s >= -30000s
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 7892 Thread sleep count: 38 > 30
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe TID: 7356 Thread sleep time: -2608000s >= -30000s
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe TID: 7356 Thread sleep time: -2140500s >= -30000s
                  Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeCode function: 0_2_00007FF6CDB240CC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6CDB240CC
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeCode function: 0_2_00007FF6CDB3B070 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6CDB3B070
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeCode function: 0_2_00007FF6CDB4FB80 FindFirstFileExA,0_2_00007FF6CDB4FB80
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_11004940 OPENSSL_DIR_read,_malloc,_memset,_malloc,FindFirstFileA,FindNextFileA,_strncpy,5_2_11004940
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exeCode function: 5_2_110D9950 __getdrive,FindFirstFileA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,5_2_110D9950
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeCode function: 0_2_00007FF6CDB41584 VirtualQuery,GetSystemInfo,0_2_00007FF6CDB41584
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Thread delayed: delay time: 50000
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Thread delayed: delay time: 60000
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Thread delayed: delay time: 40000
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe File opened: C:\Windows\SysWOW64\wininet.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe File opened: C:\Windows\SysWOW64\winspool.drv
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\COMCTL32.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe File opened: C:\Windows\SysWOW64\
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe File opened: C:\Windows\SysWOW64\winmm.dll
                  Source: rutserv.exe, 00000009.00000003.1919101620.0000000006700000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006705000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001F9A000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2705508739.0000000006705000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: rutserv.exe, 00000009.00000003.2513140485.0000000001F9A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWH
                  Source: rfusclient.exe, 00000004.00000002.1733215838.00000000017D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeCode function: 0_2_00007FF6CDB43050 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6CDB43050
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exeCode function: 0_2_00007FF6CDB50C00 GetProcessHeap,0_2_00007FF6CDB50C00
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /start
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe Code function: 0_2_00007FF6CDB475B8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6CDB475B8
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe Code function: 0_2_00007FF6CDB43234 SetUnhandledExceptionFilter,0_2_00007FF6CDB43234
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe Code function: 0_2_00007FF6CDB423F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6CDB423F0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Code function: 5_2_110DC073 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_110DC073
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Code function: 5_2_110E5AA7 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_110E5AA7
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Code function: 5_2_110D4D22 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_110D4D22
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Code function: 5_2_12032EF0 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_12032EF0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Code function: 5_2_120324E5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_120324E5
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Code function: 5_2_1203558C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_1203558C
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe Code function: 0_2_00007FF6CDB3B070 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6CDB3B070
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i Exel.msi /qn
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /silentinstall
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /firewall
                  Source: rfusclient.exe, 00000004.00000000.1714769466.0000000000651000.00000020.00000001.01000000.00000009.sdmp Binary or memory string: Shell_TrayWndTrayNotifyWndSV
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe Code function: 0_2_00007FF6CDB2DBDC cpuid 0_2_00007FF6CDB2DBDC
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe Code function: GetLocaleInfoW,GetNumberFormatW,0_2_00007FF6CDB3A1AC
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Code function: GetLocaleInfoA,5_2_110E71A3
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Code function: GetLocaleInfoA,5_2_1203DE54
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe Code function: 0_2_00007FF6CDB40634 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6CDB40634
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Code function: 5_2_110E0E32 __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,5_2_110E0E32
                  Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe Code function: 0_2_00007FF6CDB24EC0 GetVersionExW,0_2_00007FF6CDB24EC0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: rutserv.exe, 00000005.00000000.1736259820.0000000000D41000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000005.00000002.1774897369.0000000001858000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OLLYDBG.EXE
                  Source: rutserv.exe, 00000008.00000002.1914436857.0000000001EF8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ollydbg.exe

                  Remote Access Functionality

                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\user\AppData\Local\Temp\Exel.msi
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /silentinstall
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /firewall
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /start
                  Source: unknown Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -service
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -firewall
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\user\AppData\Local\Temp\Exel.msi
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /silentinstall
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /firewall
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /start
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters notification
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters Security
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters General
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters CallbackSettings
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters FUSClientPath
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters InternetId
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters Certificates
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters CalendarRecordSettings
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -firewall
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Code function: 5_2_11068160 BIO_get_accept_socket,BIO_sock_init,BUF_strdup,DSO_global_lookup,DSO_global_lookup,BIO_get_port,htons,BIO_get_host_ip,htonl,socket,setsockopt,bind,WSAGetLastError,htonl,socket,connect,closesocket,closesocket,socket,WSAGetLastError,ERR_put_error,ERR_add_error_data,ERR_put_error,ERR_put_error,ERR_add_error_data,ERR_put_error,listen,WSAGetLastError,ERR_put_error,ERR_add_error_data,ERR_put_error,CRYPTO_free,closesocket,5_2_11068160
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Code function: 5_2_1104E3A0 DSO_bind_var,ERR_put_error,ERR_put_error,ERR_put_error,5_2_1104E3A0
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Code function: 5_2_1104E420 DSO_bind_func,ERR_put_error,ERR_put_error,ERR_put_error,5_2_1104E420
                  Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe Code function: 5_2_110B9870 NCONF_get_string,ERR_clear_error,DSO_load,DSO_bind_func,DSO_bind_func,DSO_free,ERR_put_error,ERR_add_error_data,5_2_110B9870
                  Source: Yara match File source: 4.0.rfusclient.exe.650000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                  Source: Yara match File source: 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000005.00000000.1747218595.0000000001739000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                  Source: Yara match File source: 00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: rfusclient.exe PID: 7600, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: rutserv.exe PID: 7640, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: rutserv.exe PID: 7876, type: MEMORYSTR
                  Source: Yara match File source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, type: DROPPED
                  Source: Yara match File source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, type: DROPPED
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | 2 Service Execution | 3 Windows Service | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 3 Windows Service | 14 Obfuscated Files or Information | Security Account Manager | 4 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 12 Process Injection | 12 Software Packing | NTDS | 56 System Information Discovery | Distributed Component Object Model | Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 251 Security Software Discovery | SSH | Keylogging | 1 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 111 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 121 Masquerading | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                  Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 111 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                  IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                  [Behavior graph: Behavior Graph ID: 1385428, Sample: 3_#U0420#U0430#U0445#U0443#..., Startdate: 02/02/2024, Architecture: WINDOWS, Score: 100]

                  Source | Detection | Scanner | Label
                  3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe | 28% | Virustotal |

                  Source | Detection | Scanner | Label
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\MessageBox.exe | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\MessageBox.exe | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\VPDAgent.exe | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\VPDAgent.exe | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\emf2pdf.dll | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\emf2pdf.dll | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\fwproc.exe | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\fwproc.exe | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\pdfout.dll | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\pdfout.dll | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\progressbar.exe | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\progressbar.exe | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\properties.exe | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\properties.exe | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\srvinst.exe | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\srvinst.exe | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpd_sdk.dll | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpd_sdk.dll | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpdisp.exe | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpdisp.exe | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcp120.dll | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcp120.dll | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcr120.dll | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcr120.dll | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdpm.dll | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdpm.dll | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdui.dll | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdui.dll | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\setupdrv.exe | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\setupdrv.exe | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrv_rupd.dll | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrv_rupd.dll | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrvui_rupd.dll | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrvui_rupd.dll | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unires_vpd.dll | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unires_vpd.dll | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\vccorlib120.dll | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\vccorlib120.dll | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcp120.dll | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcp120.dll | 0% | Virustotal |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcr120.dll | 0% | ReversingLabs |
                  C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcr120.dll | 0% | Virustotal |

                  No Antivirus matches

                  Source | Detection | Scanner | Label
                  fp2e7a.wpc.phicdn.net | 0% | Virustotal |

                  Source | Detection | Scanner | Label
                  http://www.indyproject.org/ | 0% | URL Reputation | safe
                  http://www.indyproject.org/ | 0% | URL Reputation | safe
                  http://www.flexerasoftware.com0 | 0% | URL Reputation | safe
                  http://update.remoteutilities.net/upgrade_beta.ini | 0% | Avira URL Cloud | safe
                  http://update.remoteutilities.net/upgrade.ini | 0% | Virustotal |
                  http://update.remoteutilities.net/upgrade.ini | 0% | Avira URL Cloud | safe
                  http://madExcept.comU | 0% | Avira URL Cloud | safe
                  http://update.remoteutilities.net/upgrade_beta.ini | 0% | Virustotal |

                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  id.remoteutilities.com | 64.20.61.146 | true | false | | high
                  fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
                  id72.remoteutilities.com | unknown | unknown | false | | high

                  Name | Source | Malicious | Antivirus Detection | Reputation
                  http://www.openssl.org/support/faq.html....................rbwb.rndC:HOMERANDFILEPRNG | rutserv.exe, 00000005.00000002.1776824610.00000000110EA000.00000002.00000001.01000000.0000000B.sdmp | false | | high
                  https://www.remoteutilities.com/support/docs/e | rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp | false | | high
                  https://www.remoteutilities.com/support/docs/ | rutserv.exe, 00000009.00000002.2909594242.000000000269A000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2971300777.0000000004F70000.00000004.00001000.00020000.00000000.sdmp | false | | high
                  https://www.remoteutilities.com/tell-me-more.phpities.com/tell-me-more.phpet | rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp | false | | high
                  http://www.openssl.org/V | rutserv.exe, 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp, rutserv.exe, 00000005.00000002.1777313937.000000001114B000.00000002.00000001.01000000.0000000B.sdmp | false | | high
                  https://www.remoteutilities.com/support/docs/s0 | rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp | false | | high
                  http://madExcept.comU | rfusclient.exe, 00000004.00000000.1714769466.0000000000651000.00000020.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1849563793.000000007B8C0000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1859762685.000000007CCF0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://www.remoteutilities.com/support/docs/o0 | rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp | false | | high
                  https://www.remoteutilities.com/support/docs/rt/docs/r | rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp | false | | high
                  http://schemas.xmlsoap.org/soap/envelope/ | rfusclient.exe, 00000004.00000000.1714769466.0000000000651000.00000020.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1849563793.000000007B8C0000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1859762685.000000007CCF0000.00000004.00001000.00020000.00000000.sdmp | false | | high
                  https://www.remoteutilities.com/tell-me-more.phpet | rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp | false | | high
                  http://www.indyproject.org/ | rfusclient.exe, 00000004.00000003.1728446387.00000000033EC000.00000004.00001000.00020000.00000000.sdmp, rfusclient.exe, 00000004.00000000.1714769466.0000000000E4E000.00000020.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1736259820.000000000122A000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000002.2909594242.0000000002675000.00000004.00001000.00020000.00000000.sdmp | false | URL Reputation: safe; URL Reputation: safe | unknown
                  https://www.remoteutilities.com/support/docs/0 | rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp | false | | high
                  https://www.remoteutilities.com/tell-me-more.phpB | rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp | false | | high
                  http://www.symauth.com/cps0( | 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                                http://rmansys.ru/internet-id/rutserv.exe, 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000005.00000000.1747218595.0000000001739000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                  high
                                                  https://www.remoteutilities.com/tell-me-more.php...rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    high
                                                    http://www.openssl.org/support/faq.htmlrutserv.exe, 00000005.00000002.1776824610.00000000110EA000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                      high
                                                      https://www.remoteutilities.com/index.php?src=app?src=apprutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        high
                                                        https://www.remoteutilities.com/index.php?src=appx.php?src=app0rutserv.exe, 00000009.00000002.2971300777.0000000004F70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          high
                                                          http://update.remoteutilities.net/upgrade.inirutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1869888513.000000007E7E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          • 0%, Virustotal, Browse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://www.remoteutilities.com/tell-me-more.php1rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            high
                                                            https://www.remoteutilities.com/tell-me-more.php.rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              high
                                                              http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtdrfusclient.exe, 00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                http://www.symauth.com/rpa003_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://www.remoteutilities.com/index.php?src=apprutserv.exe, 00000009.00000002.2971300777.0000000004F70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://www.remoteutilities.com/support/docs/t0rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://www.remoteutilities.com/tell-me-more.phpes.rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://www.remoteutilities.com/support/docs/connecting-over-the-internet/rutserv.exe, 00000009.00000002.2971300777.000000000503E000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2971300777.0000000004F70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://www.remoteutilities.com/support/docs/rt/docs/rutserv.exe, 00000009.00000002.2909594242.000000000269A000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://www.remoteutilities.com/tell-me-more.phprutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://update.remoteutilities.net/upgrade_beta.inirutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1869888513.000000007E7E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              • 0%, Virustotal, Browse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://www.remoteutilities.com/tell-me-more.phpdo?rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://www.remoteutilities.com/tell-me-more.phpkenrutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://www.flexerasoftware.com03_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  http://www.inkscape.org/namespaces/inkscaperfusclient.exe, 00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://www.remoteutilities.com/support/docs/a0rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://www.remoteutilities.com/support/docsrutserv.exe, 00000009.00000002.2909594242.000000000269A000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://www.remoteutilities.com/tell-me-more.phpities.com/tell-me-more.phpumrutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          • No. of IPs < 25%
                                                                                          • 25% < No. of IPs < 50%
                                                                                          • 50% < No. of IPs < 75%
                                                                                          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
77.105.132.70 | unknown | Russian Federation | 42031 | PLUSTELECOM-ASRU | false
64.20.61.146 | id.remoteutilities.com | United States | 19318 | IS-AS-1US | false
185.70.104.90 | unknown | Russian Federation | 49335 | NCONNECT-ASRU | false
66.23.226.254 | unknown | United States | 19318 | IS-AS-1US | false
101.99.94.54 | unknown | Malaysia | 45839 | SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY | true
Joe Sandbox version: 39.0.0 Ruby
Analysis ID: 1385428
Start date and time: 2024-02-02 09:36:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
renamed because original name is a hash value
Original Sample Name: 3_.pdf.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@23/88@2/5
EGA Information:
• Successful, ratio: 83.3%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 192.229.211.108
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ocsp.edge.digicert.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
09:37:16 | API Interceptor | 466522x Sleep call for process: rutserv.exe modified
09:37:24 | API Interceptor | 105497x Sleep call for process: rfusclient.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
77.105.132.70 | CCleaner.exe | malicious | RMSRemoteAdmin, Remote Utilities
77.105.132.70 | CCleaner.exe | malicious | RMSRemoteAdmin, Remote Utilities
77.105.132.70 | install.msi | malicious | RMSRemoteAdmin, Remote Utilities
77.105.132.70 | hostcr.exe | malicious | Remcos
77.105.132.70 | Judicial request.exe | malicious | RMSRemoteAdmin, Remote Utilities
77.105.132.70 | Judicial request.exe | malicious | RMSRemoteAdmin, Remote Utilities
77.105.132.70 | 0442.EXE.exe | malicious | Quasar
77.105.132.70 | gbquas.exe | malicious | Quasar
77.105.132.70 | c_unpack.exe | malicious | RMSRemoteAdmin, Remote Utilities
77.105.132.70 | c_unpack.exe | malicious | RMSRemoteAdmin, Remote Utilities
64.20.61.146 | WEXTRACT.EXE.exe | malicious | RMSRemoteAdmin
64.20.61.146 | WX2.EXE.exe | malicious | RMSRemoteAdmin
64.20.61.146 | WEXTRACT.EXE.exe | malicious | RMSRemoteAdmin
64.20.61.146 | WX2.EXE.exe | malicious | RMSRemoteAdmin
64.20.61.146 | Judicial request.exe | malicious | RMSRemoteAdmin, Remote Utilities
64.20.61.146 | Judicial request.exe | malicious | RMSRemoteAdmin, Remote Utilities
64.20.61.146 | c_unpack.exe | malicious | RMSRemoteAdmin, Remote Utilities
64.20.61.146 | c_unpack.exe | malicious | RMSRemoteAdmin, Remote Utilities
64.20.61.146 | 42 Medoc.exe | malicious | RMSRemoteAdmin, Remote Utilities
64.20.61.146 | 42 Medoc.exe | malicious | RMSRemoteAdmin, Remote Utilities
185.70.104.90 | CCleaner.exe | malicious | RMSRemoteAdmin, Remote Utilities
185.70.104.90 | CCleaner.exe | malicious | RMSRemoteAdmin, Remote Utilities
185.70.104.90 | install.msi | malicious | RMSRemoteAdmin, Remote Utilities
185.70.104.90 | hostcr.exe | malicious | Remcos
185.70.104.90 | #U0417#U0430#U043f#U0438#U0442 #U0434#U043e#U043a#U0443#U043c#U0435#U043d#U0442#U0456#U0432.exe | malicious | Babadeda, Remcos
185.70.104.90 | #U0417#U0430#U043f#U0438#U0442 #U0434#U043e#U043a#U0443#U043c#U0435#U043d#U0442#U0456#U0432.exe | malicious | Babadeda, Remcos
185.70.104.90 | #U0417#U0430#U043f#U0438#U0442 #U0434#U043e#U043a#U0443#U043c#U0435#U043d#U0442#U0456#U0432.zip | malicious | Remcos
66.23.226.254 | WX2.EXE.exe | malicious | RMSRemoteAdmin
66.23.226.254 | c_unpack.exe | malicious | RMSRemoteAdmin, Remote Utilities
66.23.226.254 | 42 Medoc.exe | malicious | RMSRemoteAdmin, Remote Utilities
66.23.226.254 | 42 Medoc.exe | malicious | RMSRemoteAdmin, Remote Utilities
66.23.226.254 | 42 Medoc.exe | malicious | RMSRemoteAdmin, Remote Utilities
66.23.226.254 | akt-sverka_PDF.exe | malicious | RMSRemoteAdmin, RedLine
66.23.226.254 | BUILD.bin.exe | malicious | RMSRemoteAdmin
66.23.226.254 | w89kTa93Aw.exe | malicious | RMSRemoteAdmin
Match | Associated Sample Name / URL | Detection | Threat Name | Context
fp2e7a.wpc.phicdn.net | file.exe | malicious | LummaC, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader, Socks5Systemz, zgRAT | 192.229.211.108
fp2e7a.wpc.phicdn.net | https://buly.kr/FWQBDMH | malicious | Unknown | 192.229.211.108
fp2e7a.wpc.phicdn.net | http://culrosha.net | malicious | Unknown | 192.229.211.108
fp2e7a.wpc.phicdn.net | https://www.redwingsfactoryoutlet.com/0.4552917875246032 | malicious | Unknown | 192.229.211.108
fp2e7a.wpc.phicdn.net | https://www.alphaleteromania.com/collections/dama-c-0.html?&gender=1 | malicious | Unknown | 192.229.211.108
fp2e7a.wpc.phicdn.net | https://www.trapstarisrael.co.il/collections/clothing-tracksuits-c-1_3.html | malicious | Unknown | 192.229.211.108
fp2e7a.wpc.phicdn.net | https://www.josefseibelfactoryoutlet.com/400.shtml | malicious | Unknown | 192.229.211.108
fp2e7a.wpc.phicdn.net | https://www.camperturkiye.com.tr/ | malicious | Unknown | 192.229.211.108
fp2e7a.wpc.phicdn.net | https://www.alphaleteromania.com/shopping_cart.html | malicious | Unknown | 192.229.211.108
fp2e7a.wpc.phicdn.net | https://www.bottegavenetahr.com/ | malicious | Unknown | 192.229.211.108
id.remoteutilities.com | WEXTRACT.EXE.exe | malicious | RMSRemoteAdmin | 64.20.61.146
id.remoteutilities.com | WX2.EXE.exe | malicious | RMSRemoteAdmin | 64.20.61.146
id.remoteutilities.com | WEXTRACT.EXE.exe | malicious | RMSRemoteAdmin | 64.20.61.146
id.remoteutilities.com | WX2.EXE.exe | malicious | RMSRemoteAdmin | 64.20.61.146
id.remoteutilities.com | Judicial request.exe | malicious | RMSRemoteAdmin, Remote Utilities | 64.20.61.146
id.remoteutilities.com | Judicial request.exe | malicious | RMSRemoteAdmin, Remote Utilities | 64.20.61.146
id.remoteutilities.com | c_unpack.exe | malicious | RMSRemoteAdmin, Remote Utilities | 64.20.61.146
id.remoteutilities.com | c_unpack.exe | malicious | RMSRemoteAdmin, Remote Utilities | 64.20.61.146
id.remoteutilities.com | 42 Medoc.exe | malicious | RMSRemoteAdmin, Remote Utilities | 64.20.61.146
                                                                                                                                                                42 Medoc.exeGet hashmaliciousRMSRemoteAdmin, Remote UtilitiesBrowse
                                                                                                                                                                • 64.20.61.146
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:modified
Size (bytes):32359
Entropy (8bit):5.221077217292647
Encrypted:false
SSDEEP:768:fltototxA6rSrBjp1kyUXGiM01HuECIQcQpeQn6mPaUaqBt6M+pG57:YGsBjpKyUXGeHuECIQcQkQ6mPaUaqBtD
MD5:68206233254021EE853F27ADA734D571
SHA1:E39BBFE2F243F5DA81FF44D7F3F7F4304635A8D6
SHA-256:70B973BF6109792A708B02D6EE011540F39C6EE73B4C7E2FBA20B23E9D4D8E7D
SHA-512:4E6FAD6664F3D6FC8DF295BE51C5D07286EBF591AA849E57C39D781879F7D4C4EC111FB727DA2BABCD2D21B2E9E6ED286D2D08D1C350263E37E6BF0434468E9F
Malicious:false

Process:C:\Windows\System32\msiexec.exe
File Type:Rich Text Format data, version 1, ANSI, code page 1252
Category:dropped
Size (bytes):15975
Entropy (8bit):4.971311456641861
Encrypted:false
SSDEEP:384:Akc9TI9T+FCnjK71n5yqmOxSCH/Cu37gFpBukSVb5R:AkcuoCnjK7Rh5Cu3U/W
MD5:9B0E600EB09E7A86199F7BA245D1CD2B
SHA1:E3E52B3E04B08E59AAE74300F7D30C3D0AA27148
SHA-256:879180116B82210292648709982F405EAE84B05E6F2FF324A6A5CC7CD512D3E7
SHA-512:DD1622474C48ECF5C95E7585FB30B5279CF45DFC89332531758838B05F73499F536F7CADAF529AA4FA5AE0808E30A455465829DB7D13F2EE2E7D9B7BD12E17E5
Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16352
                                                                                                                                                                                                        Entropy (8bit):6.54052527746532
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:IxgSABvdm4Yy3EA39QKH5EDZSZuc2+huLdALWwsUJZscF8Bd1LPK6CYHB5K:Ix0FmW3EaHiDZSZwJdLSZsHLPK6jHG
                                                                                                                                                                                                        MD5:73E40D762BA0B67027B8A489E5161821
                                                                                                                                                                                                        SHA1:F4D9B83EC23C6226C20C39F1B996894992707124
                                                                                                                                                                                                        SHA-256:37E3F9B5D5B95A47EB44E72E1E587C553BCAB7981DFF5D108FDE86B702E1A858
                                                                                                                                                                                                        SHA-512:8F9FC3533433AF5B44B1E19B377D184FCA51A95B6289B9D80628998802FB1ACEC488F22FFC563E1CC413DFD8FFEF2E097E882C29029BC29CFA11F9434A8DF002
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                        • Filename: CCleaner.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: CCleaner.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: install.msi, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: Judicial request.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: Judicial request.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: c_unpack.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: c_unpack.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: 42 Medoc.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: 42 Medoc.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: 42 Medoc.exe, Detection: malicious, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2674656
                                                                                                                                                                                                        Entropy (8bit):6.865564996943119
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:dE8JxHX5r9sDQl7wDSMSFxvQ/qpyr0k0ha5XLDaDMPNw2x8pWTUKA76AeFG:dE8XHX5riUl7wDP6vQ/qpyr0kR5XLWD/
                                                                                                                                                                                                        MD5:D47B1FBDAE6406EC50110A3C59F685F4
                                                                                                                                                                                                        SHA1:B242609CB05CA8F5BFD08306274D10AC6E22E20C
                                                                                                                                                                                                        SHA-256:B03A3AD0C77DD9FD4DE0CB1FF938074ACCFBB8AC413524B1158DFA5014A26CE2
                                                                                                                                                                                                        SHA-512:E2601392D9615138B32F33295CBACF1C54A7DDD04FF4BE70800190CC55F1FD6EE8A8400913E103FC74C0C57D18B1A94B81E9E5EC9AE9182BA03D413B87DD7E0E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                        • Filename: CCleaner.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: CCleaner.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: install.msi, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: Judicial request.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: Judicial request.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: c_unpack.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: c_unpack.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: 42 Medoc.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: 42 Medoc.exe, Detection: malicious, Browse
                                                                                                                                                                                                        • Filename: 42 Medoc.exe, Detection: malicious, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1111520
                                                                                                                                                                                                        Entropy (8bit):6.491611255996076
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:UqSQS800orApz53PI2GVqH7kpf/V57GGcP6T5m+moXafzz:SQSX0oAtkpf/bfcyTTmoozz
                                                                                                                                                                                                        MD5:829AB21444204D50C64B805FE7897433
                                                                                                                                                                                                        SHA1:8540A93A2376B4B3EA447830775FFA69AB089A63
                                                                                                                                                                                                        SHA-256:2FE3D65C4CB5CB2DBB73AA0C05392230F7B52A7482C80A531B2E4C7DC42C16D9
                                                                                                                                                                                                        SHA-512:E5FF3639B275B6849FF0E974E4A921ED9461B4257684F088E651D32080C07F09394B19FB75E5EAA69C250CFAA682F6E3740CD0BA65F16B0FFBD81F01183FF2A8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):23520
                                                                                                                                                                                                        Entropy (8bit):6.440740836511924
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Bb57Gk7g+iy218DTK9jkrtpgjKMp+fZSZwJdLSZsHLPK6jHvCg:h/218DTVrtsKMsBpPKgP1
                                                                                                                                                                                                        MD5:99B4B661886B0E7B480FEA0847ABD1B0
                                                                                                                                                                                                        SHA1:397EBD9B25DB33B20E5FECA257BDFA69424D8693
                                                                                                                                                                                                        SHA-256:0168F614579F7EFDE386DF3C6F63A3804DBB5EC37ED954859B4CEE3D82065617
                                                                                                                                                                                                        SHA-512:9F150CDA46349401984BA11F3E88FD379A36006CC403AD78DF02A6BFE4D9EC49043A343A49B7349C19D2391ED84D9B27E6BCF374322E76F4EA6E237852A97157
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4006368
                                                                                                                                                                                                        Entropy (8bit):6.80959441986422
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:98304:ZbR+lDT6t58JcKdTG57M06POn9rvBAUZLM8FA8:5R+lDOt5kgFvVwmr
                                                                                                                                                                                                        MD5:545F1581B2486E834B8FA676A5F7A8EA
                                                                                                                                                                                                        SHA1:2AB6F0B7D1FC4CE98CAE89B0DC04D7972CC67D77
                                                                                                                                                                                                        SHA-256:21E0FEBE30F53D63985ACA992A1BCF2B6853B6B23808BD910C4EE54979B271EE
                                                                                                                                                                                                        SHA-512:1DF88C03CB89845C484767897FA6CAD1C6412B10C67363E597BFC80BD0798F99D2C47A84FAF6A07B721D81CA0F3D0D5A7F3F7BDD2B179819A468F9DDA07F5826
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MS Windows icon resource - 6 icons, 32x32, 4 bits/pixel, 16x16, 4 bits/pixel
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10134
                                                                                                                                                                                                        Entropy (8bit):5.364629779133003
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:75LkqDCmLVf89uqywWrvNCB4isySOc3AOv2B+YT1/44tuU+3:1OmLVf4dErvNCB5tSOc3AY2BP944g
                                                                                                                                                                                                        MD5:6F70BD62A17EC5B677EC1129F594EE6F
                                                                                                                                                                                                        SHA1:4FB95EB83A99C0DA62919C34886B0A3667F3911E
                                                                                                                                                                                                        SHA-256:FC8570D50C1773A1B34AA4E31143FD0776E26FF032EE3EEB6DB8BFAB42B4A846
                                                                                                                                                                                                        SHA-512:615A7E8738B2CF1BC47C8D5FC1357C1299080D0BAA1E54129D0DEBDB6BA60CD366364BE0BDAFDABCBA60F16544B0516A50B4B0182E8BCF01F59171003CE9B244
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):40416
                                                                                                                                                                                                        Entropy (8bit):6.363657503806742
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:ZkzqOI138e1y6JMKxTrAogoAoaP7+qFXYiLxjdQMUQ9LSk3E0gTSsn2TkhI3K0Tz:ZLqokSaddQMUNk3EXSsn2Tk4j3pPKgz
                                                                                                                                                                                                        MD5:65BE96DA02367532D8ED15F1300850CF
                                                                                                                                                                                                        SHA1:A8105BB2B6759450726539831AB646209C3EA51C
                                                                                                                                                                                                        SHA-256:5ABD11523B355CEF76D32DF24D9E82ED148B1A6DC3CA7C2FD7197FFED45D74E3
                                                                                                                                                                                                        SHA-512:F336974A176120AD7453144548CD01CFFF71F91CCE6E146F99F1ACFA488A57CBBDC436DACA54F1FD04254E48BD86C54C90D990A33761BF1C4874621C31C513D3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):180192
                                                                                                                                                                                                        Entropy (8bit):5.245276621355164
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:zvQtL1VQPsuMC7Wsb5o5/mXOMzZ52NyoGCIfb0wk7UAjKQpmArUaDZqxw+:E/i97Wao5eDaNvGCIj0w+mArBZk
                                                                                                                                                                                                        MD5:1589EAD8B5B00AE5E574FA6F005256C4
                                                                                                                                                                                                        SHA1:894D1EB249155F9383870F754B745321EA924473
                                                                                                                                                                                                        SHA-256:6D4939FD651AF68DB82784425A2B6805F1169376B5CA9C5821E5C8CFB81C549C
                                                                                                                                                                                                        SHA-512:86252A061E102E87933CEFA53F31F1AD459A91AB555D1847F10583D9096542E2912AA7230E90DCFB3ED8EA5E8F2D232AC81C203E943DBF2E690AC8D500EB24AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):98650
                                                                                                                                                                                                        Entropy (8bit):4.192473934109759
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:5rENOwVRq6rZmor3CmRxhESLGZ0s1JP2PY6rZIshvwmE2uJJ6rZqDJK1YRo6rZGx:S9miFao0WDn
                                                                                                                                                                                                        MD5:1614E6CDF119FD284D476F7E6723B3AD
                                                                                                                                                                                                        SHA1:3FF9164C9E5FC47169CC1C6EECA22AAB099F2EA3
                                                                                                                                                                                                        SHA-256:C8DF350F95FFEEED30060092DC8666EADCE040A4DDCB98E7A9293F87D19387A8
                                                                                                                                                                                                        SHA-512:8FBCB156B2F9637BC15FA71758A361CB2500F5A19875EE6BE2B52FC3171C38353A6CDC623E36777D052E0B319C7AF934D2D1DBE92E69666C9B9AD749610BA471
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[English] LangID=1033 ; look for language identifiers in MSDN - 'Table of Language Identifiers' topic ; STANDARD DIALOG BUTTONS: 1=OK 2=Cancel ; PRINTING PREFERENCES: ; Common strings ; bits per pixel 5000 = 1 bit - black and white 5001 = 4 bits - 16 colors 5002 = 8 bits - 256 colors 5003 = 24 bits - true color ; Compression 5004 = None 5005 = Automatic 5006 = CCITT modified Huffman RLE 5007 = CCITT Group 3 fax encoding 5008 = CCITT Group 4 fax encoding 5009 = Lempe
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):53728
                                                                                                                                                                                                        Entropy (8bit):6.5571910635788635
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:jqfYiEXOtlk4SgVg1pQtfVuTsxxSzELKoZeepPKg3:ZiEXYq2g1pC9uToxkiZ/x1
                                                                                                                                                                                                        MD5:A810FC0F499E254375FB1FA9116E2CCF
                                                                                                                                                                                                        SHA1:CBD73834170A05A8D47846B255E02A2C7778C06A
                                                                                                                                                                                                        SHA-256:966EF76FE3476D530B1B97A6F40947ED14ADA378F13E44ECFE774EDC998CD0B0
                                                                                                                                                                                                        SHA-512:59D0855636E25C0F41A5401184C7CA16082A25FF72CAAD2D2C183E3977FBF60AE50C2E6A9F686681F1F19067225BB68C6FB3AEA808E7E5982C49B08E2095A669
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2772960
                                                                                                                                                                                                        Entropy (8bit):6.917269583439067
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:QuZqJvz7GHYFVw8vfMVDpaLGtH3uSvQ/qpyr0kiU6HoCPLG5gzyUxChReb0:QuZqJvz7GHGVfvfMVDNNxvQ/qpyr0kpn
                                                                                                                                                                                                        MD5:E608CE332F016026E3D3B62E606192CA
                                                                                                                                                                                                        SHA1:0A5FB826AC299D4D086AF8BF1391184A15976571
                                                                                                                                                                                                        SHA-256:57AB69CBCB0DA76BD70D897514AEAE6858F52BD391B955D5C3A980A19F1DDE58
                                                                                                                                                                                                        SHA-512:53E4E647D43910D15158EF61445A77F80D72F7A63001C220D8A53853DCF04918B849532305180347A230D70E61992C034C48CEE2DAB8247BEE113FEB5AF1ACAF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2992096
                                                                                                                                                                                                        Entropy (8bit):6.789893578257523
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:kN1BAW/tsUJX4JIHl3LhI2NnmTYH2RXoSrB/KYtvQ/qpyr0kyaTGjEawEP1vsB9u:kN1BaFY3FI29mTYH2JRwovQ/qpyr0ksD
                                                                                                                                                                                                        MD5:45D5F1B29B1B40B232D662DACF07D0DC
                                                                                                                                                                                                        SHA1:822E821E261B385FA7300530AA633A2E0C7D7914
                                                                                                                                                                                                        SHA-256:F224CDCDE4A049C4F471CC2C50E75FB55E4C0A540FEA4AD24A4C57E97DE48780
                                                                                                                                                                                                        SHA-512:1ADBB3D83107DCDE018EC41902FEF7C5E3AF3D6A7BC11AA6C71D23FB23F02ED36E9D6317631523D7B837FD19D934C0DCE73345B5DF0E82C2BE4B0A831C6A8282
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):660128
                                                                                                                                                                                                        Entropy (8bit):6.339798513733826
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:N2fus43uu43Ry4GHlT4xH2K+M+/i+WSpY+7YOzCaK9A3gS2EKZm+GWodEEwnyh:muJzCaK9AB2EKZm+GWodEEwnyh
                                                                                                                                                                                                        MD5:46060C35F697281BC5E7337AEE3722B1
                                                                                                                                                                                                        SHA1:D0164C041707F297A73ABB9EA854111953E99CF1
                                                                                                                                                                                                        SHA-256:2ABF0AAB5A3C5AE9424B64E9D19D9D6D4AEBC67814D7E92E4927B9798FEF2848
                                                                                                                                                                                                        SHA-512:2CF2ED4D45C79A6E6CEBFA3D332710A97F5CF0251DC194EEC8C54EA0CB85762FD19822610021CCD6A6904E80AFAE1590A83AF1FA45152F28CA56D862A3473F0A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):963232
                                                                                                                                                                                                        Entropy (8bit):6.634408584960502
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:FkZ+EUPoH5KTcAxt/qvRQdxQxO61kCS9mmWymzVPD:FkMAlM8ixQI5C6wl
                                                                                                                                                                                                        MD5:9C861C079DD81762B6C54E37597B7712
                                                                                                                                                                                                        SHA1:62CB65A1D79E2C5ADA0C7BFC04C18693567C90D0
                                                                                                                                                                                                        SHA-256:AD32240BB1DE55C3F5FCAC8789F583A17057F9D14914C538C2A7A5AD346B341C
                                                                                                                                                                                                        SHA-512:3AA770D6FBA8590FDCF5D263CB2B3D2FAE859E29D31AD482FBFBD700BCD602A013AC2568475999EF9FB06AE666D203D97F42181EC7344CBA023A8534FB13ACB7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9698
                                                                                                                                                                                                        Entropy (8bit):3.8395767056459316
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:jxUPudWfG9sPEd5yVplXhzPGeQ6cGIDGzBs+2o5WcicJXoNaTXy:jyxFeGIDIFXoNT
                                                                                                                                                                                                        MD5:6476F7217D9D6372361B9E49D701FB99
                                                                                                                                                                                                        SHA1:E1155AB2ACC8A9C9B3C83D1E98F816B84B5E7E25
                                                                                                                                                                                                        SHA-256:6135D3C9956A00C22615E53D66085DABBE2FBB93DF7B0CDF5C4F7F7B3829F58B
                                                                                                                                                                                                        SHA-512:B27ABD8ED640A72424B662AE5C529CDDA845497DC8BD6B67B0B44AE9CDD5E849F627E1735108B2DF09DD6EF83AD1DE6FAA1AD7A6727B5D7A7985F92A92CA0779
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:......; NTPRINT.INF (for Windows Server 2003 family)..;..; List of supported printers, manufacturers..;....[Version]..Signature="$Windows NT$"..Provider="Microsoft"..ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}..Class=Printer..CatalogFile=ntprint.cat..DriverIsolation=2..DriverVer=06/21/2006,6.1.7600.16385....[Manufacturer].."Microsoft"=Microsoft,NTamd64....[Microsoft.NTamd64].."{D20EA372-DD35-4950-9ED8-A6335AFE79F0}" = {D20EA372-DD35-4950-9ED8-A6335AFE79F0}, {D20EA372-DD35-4950-9ED8-A6335AF
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MS Windows icon resource - 6 icons, 32x32, 4 bits/pixel, 16x16, 4 bits/pixel
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10134
                                                                                                                                                                                                        Entropy (8bit):5.364629779133003
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:75LkqDCmLVf89uqywWrvNCB4isySOc3AOv2B+YT1/44tuU+3:1OmLVf4dErvNCB5tSOc3AY2BP944g
                                                                                                                                                                                                        MD5:6F70BD62A17EC5B677EC1129F594EE6F
                                                                                                                                                                                                        SHA1:4FB95EB83A99C0DA62919C34886B0A3667F3911E
                                                                                                                                                                                                        SHA-256:FC8570D50C1773A1B34AA4E31143FD0776E26FF032EE3EEB6DB8BFAB42B4A846
                                                                                                                                                                                                        SHA-512:615A7E8738B2CF1BC47C8D5FC1357C1299080D0BAA1E54129D0DEBDB6BA60CD366364BE0BDAFDABCBA60F16544B0516A50B4B0182E8BCF01F59171003CE9B244
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):17415
                                                                                                                                                                                                        Entropy (8bit):4.618177193109944
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:U1EQCr2g2t2g2F2s2J2m2p2z2ZOgoNJUTIZah25Dy:3oLILwfcV86ZO3eTIZzy
                                                                                                                                                                                                        MD5:8EE7FD65170ED9BD408E0C821171B62A
                                                                                                                                                                                                        SHA1:9D14A87A049C3B576CEC4B28210F0C95B94E08E0
                                                                                                                                                                                                        SHA-256:EE1E4D9869188CC3FA518C445ECF071845E5BD8BE56767A9F7F7DD3ACE294BA5
                                                                                                                                                                                                        SHA-512:5740AB3545D2217BA2156C58BA9AF6681D73116AB5DFBEAA5AB615D9CD0C77716C25865E67188E9D7892B340776755D4CBB1A3E98FAEAF8B6BB4B2CCA00D8AE6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:*GPDSpecVersion: "1.0"..*GPDFileVersion: "1.0"..*GPDFileName: "***.GPD"..*Include: "STDNAMES_VPD.GPD"..*ModelName: "****"..*MasterUnits: PAIR(40800, 117600)..*ResourceDLL: "UNIRES_VPD.DLL"..*PrinterType: PAGE..*MaxCopies: 99....*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "".. }.. }.. *Option: LANDSCAPE_CC270.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: AUTO...*Option: AUTO.. {.. *rcNameID: =AUTO_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "".. }.. }.. *Option: CASSETTE.. {.. *rcNameID:
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                        Entropy (8bit):4.479503224130279
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:z8ANyq3jIZc:z8cy2wc
                                                                                                                                                                                                        MD5:610DFCD7FF61B76DAAC9DDC3CDAA64A9
                                                                                                                                                                                                        SHA1:343A63A7E2B0617F30B94E15E236DF7892FE722D
                                                                                                                                                                                                        SHA-256:7BA0ACE1E899C38CB5E8BF303868C0AB4B9890D536009CF21C958B114888DFA3
                                                                                                                                                                                                        SHA-512:D8095398ACC9DE610E42EAB655145BBACB09AE2D460906F9B490E48947EA802795C00CBFA3C674CDCC344D8A64FD63961D2D4A8999E0F0BADAFD3E367FE8B495
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[OEMFiles] ..OEMConfigFile1=rupdui.dll ..
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):98650
                                                                                                                                                                                                        Entropy (8bit):4.192473934109759
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:5rENOwVRq6rZmor3CmRxhESLGZ0s1JP2PY6rZIshvwmE2uJJ6rZqDJK1YRo6rZGx:S9miFao0WDn
                                                                                                                                                                                                        MD5:1614E6CDF119FD284D476F7E6723B3AD
                                                                                                                                                                                                        SHA1:3FF9164C9E5FC47169CC1C6EECA22AAB099F2EA3
                                                                                                                                                                                                        SHA-256:C8DF350F95FFEEED30060092DC8666EADCE040A4DDCB98E7A9293F87D19387A8
                                                                                                                                                                                                        SHA-512:8FBCB156B2F9637BC15FA71758A361CB2500F5A19875EE6BE2B52FC3171C38353A6CDC623E36777D052E0B319C7AF934D2D1DBE92E69666C9B9AD749610BA471
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[English]..LangID=1033..; look for language identifiers in MSDN - 'Table of Language Identifiers' topic....; STANDARD DIALOG BUTTONS:....1=OK..2=Cancel....; PRINTING PREFERENCES:....; Common strings..; bits per pixel..5000 = 1 bit - black and white..5001 = 4 bits - 16 colors..5002 = 8 bits - 256 colors..5003 = 24 bits - true color....; Compression..5004 = None..5005 = Automatic..5006 = CCITT modified Huffman RLE..5007 = CCITT Group 3 fax encoding..5008 = CCITT Group 4 fax encoding..5009 = Lempe
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):36320
                                                                                                                                                                                                        Entropy (8bit):6.363095921735073
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:/ek2AuDHuROuyVrGWngM328PAh8bWgs5fLutlfpPKgPH:foebh8bRs5zutJx5
                                                                                                                                                                                                        MD5:DA9CC6631ECEDCF3819332552F1EB449
                                                                                                                                                                                                        SHA1:161B227A23E87E4D7A7F59CF12AB87CB8D5D41A9
                                                                                                                                                                                                        SHA-256:363C85F73AD85F041BBAFB141B8EF1B7BD7A1268DA6B39F96D81582303C9ABE3
                                                                                                                                                                                                        SHA-512:29262D594D4112577F60CAB26698731381FB19BC0AF28BAAF1A2F07951617FE71F8BC7AF30E330F7A936BC3531CF9BCC58B00C0AA86B8C28AB558DA845E62EE0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):204768
                                                                                                                                                                                                        Entropy (8bit):5.825387232540853
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:pZN5YrUYkIih2FJ5tmN8DNWcpQOw9Tsk1n1WOA6uBgmW:pZNhfxh2FTpWO2T/1WOA6uc
                                                                                                                                                                                                        MD5:75C636087E541A9524752F1DF66AAB99
                                                                                                                                                                                                        SHA1:C33E55AF6F92D48BE994F1999193CCD9F1C586BE
                                                                                                                                                                                                        SHA-256:EA37728ABE1401F32F01C113701EAA447380B65E58934AB0360113CA86CA1FF6
                                                                                                                                                                                                        SHA-512:9A871DF80660DA09F7297D69ECAADAC13F03DDCD298F5300E83C194A394EEC990743FCE5B6B3554BC0123CE96D1F3D5F124344B7E5247D282D540D853BC11C3D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):102880
                                                                                                                                                                                                        Entropy (8bit):6.071756563190581
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:PFqz35CEMCZFwsbn60NhoBGO9otLJx39aHXI0OYWusz+xn:9wJ3MGimnrhoAOkNa3I0OYWtzu
                                                                                                                                                                                                        MD5:D0F22AFD5EAD9FFF432BE5746F2F989A
                                                                                                                                                                                                        SHA1:D83187AAAFD3BE638457E79961E54F22AFAD81F3
                                                                                                                                                                                                        SHA-256:C57FC5CFD1FA1241849AB423B49CE04D2EC361D2972204A2A9D7039D7100A8D7
                                                                                                                                                                                                        SHA-512:F2B0B06FB47775DFA448034953B4E5B97770F384978112FBAA7F1F1EF2EB37875634F963DB2E9515B4678DF63E314FBCE26D1A6A958C3DBC5C57E1CD32593D31
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14366
                                                                                                                                                                                                        Entropy (8bit):4.1817849062232195
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:NjThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:yFzOnS7z0
                                                                                                                                                                                                        MD5:7162D8977515A446D2C1E139DA59DED5
                                                                                                                                                                                                        SHA1:952F696C463B8410B1FA93A3B2B6DAE416A81867
                                                                                                                                                                                                        SHA-256:2835A439C6AE22074BC3372491CB71E6C2B72D0C87AE3EEE6065C6CAADF1E5C8
                                                                                                                                                                                                        SHA-512:508F7CA3D4BC298534AB058F182755851051684F8D53306011F03875804C95E427428BD425DD13633EEC79748BB64E78AAD43E75B70CC5A3F0F4E6696DBB6D8E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires_vpd.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):487904
                                                                                                                                                                                                        Entropy (8bit):6.3408335931113395
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:EgjhSyqP1a/eVqxFxNCAiG3XyJ/2TxbfsEkhy+0F+K8lJrZdwwSvm:EglSTPaRxFdLXyJ/ebEEkx0rqJduw
                                                                                                                                                                                                        MD5:CF36C1CFF0210B423921398E8AEF1C59
                                                                                                                                                                                                        SHA1:85F694BAC2B4E2D724542AB518C7BF6C5361AD3E
                                                                                                                                                                                                        SHA-256:45230CA1752B1FD2901708A45E7CC6F1370F65C495D30B08D9F1CE4C8BEAF6FA
                                                                                                                                                                                                        SHA-512:925067AD750F6A01FA0C31DBD876088BB65C36AB8C0889A3A52F0D452154D2BE8284E1077BA1553E06DEAE2181F437E077F13D5FAFD8AD5A3F6C9FC417CB774F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MS Windows 3.1 help, Tue Apr 17 13:11:56 2001, 21225 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):21225
                                                                                                                                                                                                        Entropy (8bit):3.9923245636306675
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:g8qo9MqLEGX9WkaNWvbAsmrEGckkwy95/HLQdu:g8rMqLwkW8AsqEHkkwy7N
                                                                                                                                                                                                        MD5:6798F64959C913673BD66CD4E47F4A65
                                                                                                                                                                                                        SHA1:C50FAA64C8267AC7106401E69DA5C15FC3F2034C
                                                                                                                                                                                                        SHA-256:0C02B226BE4E7397F8C98799E58B0A512515E462CCDAAC04EDC10E3E1091C011
                                                                                                                                                                                                        SHA-512:8D208306B6D0F892A2F16F8070A89D8EDB968589896CB70CF46F43BF4BEFB7C4CA6A278C35FE8A2685CC784505EFB77C32B0AABF80D13BCC0D10A39AE8AFB55A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):892896
                                                                                                                                                                                                        Entropy (8bit):6.044545103599267
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:hpvsrQZu8F/bY6Pgx2B8UNG2Ql20gcwtH2qMP23so7:JZ5F/bYogxJUB9cwtHFMD0
                                                                                                                                                                                                        MD5:D77628FCE2A09AD76889E3300150F99C
                                                                                                                                                                                                        SHA1:2280483371D679437901EDBCDEC0D11F057AF5E8
                                                                                                                                                                                                        SHA-256:9E1BE3FFE0AB8B8D3B6AA964AA9F752E850304A212BCE124C50AB08F1259CC0B
                                                                                                                                                                                                        SHA-512:BB8A28BB61321E5B414E1BC2C9267D38E2676AC1BE8DF27A9A747CB7F7CFE97C1DBFF6C723DC958BE594BE38312172DAF7243B47C25AF2C1D377EA76C423A0A7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):771040
                                                                                                                                                                                                        Entropy (8bit):5.631799273811714
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:rkozBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLC:dzBEGbL4Np84TQazCSiRC
                                                                                                                                                                                                        MD5:2AC9DA11C87F558D785924C5E814A6C2
                                                                                                                                                                                                        SHA1:6EDF8B0224B9D2F666E2DB4E093703508DABF512
                                                                                                                                                                                                        SHA-256:4CC04BFD8ED79191FAF1520B3ABA80B45E2EEB653D7C48A960CD18A59C04E001
                                                                                                                                                                                                        SHA-512:C4DA961C9C6A3AB586B8FDAFDF8D4C59A48D902E4300925B28E275DF1168E6FC1C2D51E4EB1E07429401090ABB4FD97AC7AC96E78DE50EBAC887B6007C1F4D3A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):356528
                                                                                                                                                                                                        Entropy (8bit):5.917051105867173
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:0g5dgFfqaKFJyHrByeUIRAHq0KzS9OAgfVgYCDlSv:0OdcUIRAHqAeX0a
                                                                                                                                                                                                        MD5:BDD8AE768DBF3E6C65D741CB3880B8A7
                                                                                                                                                                                                        SHA1:91B01FD48A586822C1D81CA80B950F8639CCE78C
                                                                                                                                                                                                        SHA-256:602ADD77CBD807D02306DE1D0179CB71A908EECB11677116FC206A7E714AB6D6
                                                                                                                                                                                                        SHA-512:7840554A66F033E556CF02772B8B3749C593657CA254E0F2DBD93B05F4600E11BA821EBA8FC038115C038B5E5AF2F8D2CF0A5AE1F1362E813CF0B5041BBBFF94
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):455328
                                                                                                                                                                                                        Entropy (8bit):6.698367093574994
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
                                                                                                                                                                                                        MD5:FD5CABBE52272BD76007B68186EBAF00
                                                                                                                                                                                                        SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
                                                                                                                                                                                                        SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
                                                                                                                                                                                                        SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):970912
                                                                                                                                                                                                        Entropy (8bit):6.9649735952029515
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
                                                                                                                                                                                                        MD5:034CCADC1C073E4216E9466B720F9849
                                                                                                                                                                                                        SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
                                                                                                                                                                                                        SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
                                                                                                                                                                                                        SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9698
                                                                                                                                                                                                        Entropy (8bit):3.8395767056459316
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:jxUPudWfG9sPEd5yVplXhzPGeQ6cGIDGzBs+2o5WcicJXoNaTXy:jyxFeGIDIFXoNT
                                                                                                                                                                                                        MD5:6476F7217D9D6372361B9E49D701FB99
                                                                                                                                                                                                        SHA1:E1155AB2ACC8A9C9B3C83D1E98F816B84B5E7E25
                                                                                                                                                                                                        SHA-256:6135D3C9956A00C22615E53D66085DABBE2FBB93DF7B0CDF5C4F7F7B3829F58B
                                                                                                                                                                                                        SHA-512:B27ABD8ED640A72424B662AE5C529CDDA845497DC8BD6B67B0B44AE9CDD5E849F627E1735108B2DF09DD6EF83AD1DE6FAA1AD7A6727B5D7A7985F92A92CA0779
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..............;. .N.T.P.R.I.N.T...I.N.F. .(.f.o.r. .W.i.n.d.o.w.s. .S.e.r.v.e.r. .2.0.0.3. .f.a.m.i.l.y.).....;.....;. .L.i.s.t. .o.f. .s.u.p.p.o.r.t.e.d. .p.r.i.n.t.e.r.s.,. .m.a.n.u.f.a.c.t.u.r.e.r.s.....;.........[.V.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e.=.".$.W.i.n.d.o.w.s. .N.T.$.".....P.r.o.v.i.d.e.r.=.".M.i.c.r.o.s.o.f.t.".....C.l.a.s.s.G.U.I.D.=.{.4.D.3.6.E.9.7.9.-.E.3.2.5.-.1.1.C.E.-.B.F.C.1.-.0.8.0.0.2.B.E.1.0.3.1.8.}.....C.l.a.s.s.=.P.r.i.n.t.e.r.....C.a.t.a.l.o.g.F.i.l.e.=.n.t.p.r.i.n.t...c.a.t.....D.r.i.v.e.r.I.s.o.l.a.t.i.o.n.=.2.....D.r.i.v.e.r.V.e.r.=.0.6./.2.1./.2.0.0.6.,.6...1...7.6.0.0...1.6.3.8.5.........[.M.a.n.u.f.a.c.t.u.r.e.r.].....".M.i.c.r.o.s.o.f.t.".=.M.i.c.r.o.s.o.f.t.,.N.T.a.m.d.6.4.........[.M.i.c.r.o.s.o.f.t...N.T.a.m.d.6.4.].....".{.D.2.0.E.A.3.7.2.-.D.D.3.5.-.4.9.5.0.-.9.E.D.8.-.A.6.3.3.5.A.F.E.7.9.F.0.}.". .=. .{.D.2.0.E.A.3.7.2.-.D.D.3.5.-.4.9.5.0.-.9.E.D.8.-.A.6.3.3.5.A.F.E.7.9.F.0.}.,. .{.D.2.0.E.A.3.7.2.-.D.D.3.5.-.4.9.5.0.-.9.E.D.8.-.A.6.3.3.5.A.F.
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MS Windows icon resource - 6 icons, 32x32, 4 bits/pixel, 16x16, 4 bits/pixel
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10134
                                                                                                                                                                                                        Entropy (8bit):5.364629779133003
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:75LkqDCmLVf89uqywWrvNCB4isySOc3AOv2B+YT1/44tuU+3:1OmLVf4dErvNCB5tSOc3AY2BP944g
                                                                                                                                                                                                        MD5:6F70BD62A17EC5B677EC1129F594EE6F
                                                                                                                                                                                                        SHA1:4FB95EB83A99C0DA62919C34886B0A3667F3911E
                                                                                                                                                                                                        SHA-256:FC8570D50C1773A1B34AA4E31143FD0776E26FF032EE3EEB6DB8BFAB42B4A846
                                                                                                                                                                                                        SHA-512:615A7E8738B2CF1BC47C8D5FC1357C1299080D0BAA1E54129D0DEBDB6BA60CD366364BE0BDAFDABCBA60F16544B0516A50B4B0182E8BCF01F59171003CE9B244
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):17415
                                                                                                                                                                                                        Entropy (8bit):4.618177193109944
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:U1EQCr2g2t2g2F2s2J2m2p2z2ZOgoNJUTIZah25Dy:3oLILwfcV86ZO3eTIZzy
                                                                                                                                                                                                        MD5:8EE7FD65170ED9BD408E0C821171B62A
                                                                                                                                                                                                        SHA1:9D14A87A049C3B576CEC4B28210F0C95B94E08E0
                                                                                                                                                                                                        SHA-256:EE1E4D9869188CC3FA518C445ECF071845E5BD8BE56767A9F7F7DD3ACE294BA5
                                                                                                                                                                                                        SHA-512:5740AB3545D2217BA2156C58BA9AF6681D73116AB5DFBEAA5AB615D9CD0C77716C25865E67188E9D7892B340776755D4CBB1A3E98FAEAF8B6BB4B2CCA00D8AE6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:*GPDSpecVersion: "1.0"..*GPDFileVersion: "1.0"..*GPDFileName: "***.GPD"..*Include: "STDNAMES_VPD.GPD"..*ModelName: "****"..*MasterUnits: PAIR(40800, 117600)..*ResourceDLL: "UNIRES_VPD.DLL"..*PrinterType: PAGE..*MaxCopies: 99....*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "".. }.. }.. *Option: LANDSCAPE_CC270.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: AUTO...*Option: AUTO.. {.. *rcNameID: =AUTO_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "".. }.. }.. *Option: CASSETTE.. {.. *rcNameID:
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                        Entropy (8bit):4.479503224130279
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:z8ANyq3jIZc:z8cy2wc
                                                                                                                                                                                                        MD5:610DFCD7FF61B76DAAC9DDC3CDAA64A9
                                                                                                                                                                                                        SHA1:343A63A7E2B0617F30B94E15E236DF7892FE722D
                                                                                                                                                                                                        SHA-256:7BA0ACE1E899C38CB5E8BF303868C0AB4B9890D536009CF21C958B114888DFA3
                                                                                                                                                                                                        SHA-512:D8095398ACC9DE610E42EAB655145BBACB09AE2D460906F9B490E48947EA802795C00CBFA3C674CDCC344D8A64FD63961D2D4A8999E0F0BADAFD3E367FE8B495
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[OEMFiles] ..OEMConfigFile1=rupdui.dll ..
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):98650
                                                                                                                                                                                                        Entropy (8bit):4.192473934109759
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:5rENOwVRq6rZmor3CmRxhESLGZ0s1JP2PY6rZIshvwmE2uJJ6rZqDJK1YRo6rZGx:S9miFao0WDn
                                                                                                                                                                                                        MD5:1614E6CDF119FD284D476F7E6723B3AD
                                                                                                                                                                                                        SHA1:3FF9164C9E5FC47169CC1C6EECA22AAB099F2EA3
                                                                                                                                                                                                        SHA-256:C8DF350F95FFEEED30060092DC8666EADCE040A4DDCB98E7A9293F87D19387A8
                                                                                                                                                                                                        SHA-512:8FBCB156B2F9637BC15FA71758A361CB2500F5A19875EE6BE2B52FC3171C38353A6CDC623E36777D052E0B319C7AF934D2D1DBE92E69666C9B9AD749610BA471
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..[.E.n.g.l.i.s.h.].....L.a.n.g.I.D.=.1.0.3.3.....;. .l.o.o.k. .f.o.r. .l.a.n.g.u.a.g.e. .i.d.e.n.t.i.f.i.e.r.s. .i.n. .M.S.D.N. .-. .'.T.a.b.l.e. .o.f. .L.a.n.g.u.a.g.e. .I.d.e.n.t.i.f.i.e.r.s.'. .t.o.p.i.c.........;. .S.T.A.N.D.A.R.D. .D.I.A.L.O.G. .B.U.T.T.O.N.S.:.........1.=.O.K.....2.=.C.a.n.c.e.l.........;. .P.R.I.N.T.I.N.G. .P.R.E.F.E.R.E.N.C.E.S.:.........;. .C.o.m.m.o.n. .s.t.r.i.n.g.s.....;. .b.i.t.s. .p.e.r. .p.i.x.e.l.....5.0.0.0. .=. .1. .b.i.t. .-. .b.l.a.c.k. .a.n.d. .w.h.i.t.e.....5.0.0.1. .=. .4. .b.i.t.s. .-. .1.6. .c.o.l.o.r.s.....5.0.0.2. .=. .8. .b.i.t.s. .-. .2.5.6. .c.o.l.o.r.s.....5.0.0.3. .=. .2.4. .b.i.t.s. .-. .t.r.u.e. .c.o.l.o.r.........;. .C.o.m.p.r.e.s.s.i.o.n.....5.0.0.4. .=. .N.o.n.e.....5.0.0.5. .=. .A.u.t.o.m.a.t.i.c.....5.0.0.6. .=. .C.C.I.T.T. .m.o.d.i.f.i.e.d. .H.u.f.f.m.a.n. .R.L.E.....5.0.0.7. .=. .C.C.I.T.T. .G.r.o.u.p. .3. .f.a.x. .e.n.c.o.d.i.n.g.....5.0.0.8. .=. .C.C.I.T.T. .G.r.o.u.p. .4. .f.a.x. .e.n.c.o.d.i.n.g.....5.0.0.9. .=. .L.e.m.p.e.
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):34272
                                                                                                                                                                                                        Entropy (8bit):6.279189104394536
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:sPE2+V5RqtDLvnmQ67I+Ud26uiGKjjAVAjXzjrMishb8pL4g2t4Qh5ZSZwJdLSZb:s2gnH6sDGuB3jrRpLr2t4QhvpPKgCv
                                                                                                                                                                                                        MD5:52B7FE7D8EB30DB65D821F513C99532A
                                                                                                                                                                                                        SHA1:2D29A4B71DA3992352AFD2C49E0234C93DD993AC
                                                                                                                                                                                                        SHA-256:49898528597E2423086D53F9639068AF46D060EB2ABDFEEE7D28CE069CF86F91
                                                                                                                                                                                                        SHA-512:7EF81871AF993327792EBFE5920E464120F9088E9E55971ABE04B77FA4E75365B24898954B27972A6A74DA622CD1088094E3952E5939CB844AC9A063DF3BD703
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):160224
                                                                                                                                                                                                        Entropy (8bit):6.183469966253267
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:TYmfMb3REEgw5ojOfC0ZV1AxNjwE0cqR4n2AMNR0wmlmo+W+DAeU:Xfso0ZV12Njwhcqy2AMNxwzEA1
                                                                                                                                                                                                        MD5:91EF01D7DFB11B218B67DB346562161F
                                                                                                                                                                                                        SHA1:F27B8A35BA7630C6AA26E21872CA1EE706642D1B
                                                                                                                                                                                                        SHA-256:48BA5C22A72132A140A881A62B20CE778DDB1B6E495BCD23FAAFC43FB01FB3B1
                                                                                                                                                                                                        SHA-512:FE3AC0AF8822780CA36F1BB9A9E1F5E4168E61415E4CCE8CC20F8E402D9E5EA9F53E5B2F0680C65213D81C04A3193BF2D85C0BAF3256009549D01319B18D9247
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):88032
                                                                                                                                                                                                        Entropy (8bit):6.425120133434353
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:Df1NQO+vd2nRnm4Mxcdn/2hYN7ZOdrkgUzinLnx9oxGcZ:Jo2nRmxcFe5xNUz8D8
                                                                                                                                                                                                        MD5:243C54EF85CA15238782BE036632E0C5
                                                                                                                                                                                                        SHA1:93358BA47E32F9B7513ACD2A27E3F86C9F037497
                                                                                                                                                                                                        SHA-256:00ED874B46999FC5E48F145B9DF3792EA7204FFF3DB28EE035BAF2EFB8DD9902
                                                                                                                                                                                                        SHA-512:C9EE7E75F4BBB5934D1A0344375C68AE8B2A229857E7A3B0D1AED0A7CFFCD074F4D502B7D1B13928E793FE69A6ACC056D3CF98011FABE3B21E513D2E9D943B2D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14366
                                                                                                                                                                                                        Entropy (8bit):4.1817849062232195
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:NjThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:yFzOnS7z0
                                                                                                                                                                                                        MD5:7162D8977515A446D2C1E139DA59DED5
                                                                                                                                                                                                        SHA1:952F696C463B8410B1FA93A3B2B6DAE416A81867
                                                                                                                                                                                                        SHA-256:2835A439C6AE22074BC3372491CB71E6C2B72D0C87AE3EEE6065C6CAADF1E5C8
                                                                                                                                                                                                        SHA-512:508F7CA3D4BC298534AB058F182755851051684F8D53306011F03875804C95E427428BD425DD13633EEC79748BB64E78AAD43E75B70CC5A3F0F4E6696DBB6D8E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires_vpd.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):383968
                                                                                                                                                                                                        Entropy (8bit):6.6511922978509315
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:9plBo/TK5C+psQzJzCSX6hjg+4GRr3CoA7f3j5G+hinZ5P31uGX7Zum8oyk7lAT8:Z0/djgEUhWnJ2UlxqOttoICvPn/318SW
                                                                                                                                                                                                        MD5:49A0A7C3E3F5DF3DDE7121109F1C9C21
                                                                                                                                                                                                        SHA1:716DA115C392CA06379A33079A54722800C13054
                                                                                                                                                                                                        SHA-256:CA38185341294720808A389C34D45FAF2EF7962A7D45AC7696823A6D05B45072
                                                                                                                                                                                                        SHA-512:9BBD8C585E42EC50D6FA9A38BCD39720F7A4F4730A1C8EECC3C5ECBADAFDFD6120D7FCAFA9A319F8D94FC962F537BD0B50EB7CAE614F5116B55D330F7FCE0118
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:MS Windows 3.1 help, Tue Apr 17 13:11:56 2001, 21225 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):21225
                                                                                                                                                                                                        Entropy (8bit):3.9923245636306675
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:g8qo9MqLEGX9WkaNWvbAsmrEGckkwy95/HLQdu:g8rMqLwkW8AsqEHkkwy7N
                                                                                                                                                                                                        MD5:6798F64959C913673BD66CD4E47F4A65
                                                                                                                                                                                                        SHA1:C50FAA64C8267AC7106401E69DA5C15FC3F2034C
                                                                                                                                                                                                        SHA-256:0C02B226BE4E7397F8C98799E58B0A512515E462CCDAAC04EDC10E3E1091C011
                                                                                                                                                                                                        SHA-512:8D208306B6D0F892A2F16F8070A89D8EDB968589896CB70CF46F43BF4BEFB7C4CA6A278C35FE8A2685CC784505EFB77C32B0AABF80D13BCC0D10A39AE8AFB55A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):756192
                                                                                                                                                                                                        Entropy (8bit):6.198619685669809
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:llIoM3g2e9Bg7Lg3yfKDPc97QpAxuKdwSGnZGxS:lvM36KkyCLW7QCwSGoS
                                                                                                                                                                                                        MD5:D66F58A5DF5AADDD348CB06B9326B84D
                                                                                                                                                                                                        SHA1:56B390BBB29DAEFE3171491D5697986A7D7AA0B3
                                                                                                                                                                                                        SHA-256:30D2605C283885C99E3F97D876989DE9E34380B20CF01D24DFDBE4CB50C92603
                                                                                                                                                                                                        SHA-512:5F0BF8698AE8809AF13D7E1504C1BF50BCDEC5C146A0AFA9F78174448E2D9A61AA83589C7836B452F3F9029FFBAAB8902138791EBFAD0EEB31B687A9EF7716BD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):771040
                                                                                                                                                                                                        Entropy (8bit):5.630737263013527
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:UkoGBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLz:kGBEGbL4Np84TQazCSiRz
                                                                                                                                                                                                        MD5:41933A3BF1A30E05DC81ACCDA893E2B9
                                                                                                                                                                                                        SHA1:3C99CC28A6DB76000E3A31DC93C76AE18E2CD20D
                                                                                                                                                                                                        SHA-256:9C5CDC7BE14F3D404423EF9A8EA5A3EDC0157AA5F96F428FE7D857CE5F312FA2
                                                                                                                                                                                                        SHA-512:C5101249DB23080D76264505BF2DFCD636D99509E2DAA0CF601D5E997D145BF71721C2CFDB05AE0AFFD64317F7585040B2F7B48467367542C89D0F1F40F41D03
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):247984
                                                                                                                                                                                                        Entropy (8bit):6.601853231729306
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:+SsS5fv6EATwqlGwyfDyodYI3ZubfW5nb2PQuW0x:+I5fv6EATwqlGwyfDyodYI3Zv1C
                                                                                                                                                                                                        MD5:69837E50C50561A083A72A5F8EA1F6A2
                                                                                                                                                                                                        SHA1:1A4B4C6C3CB6A5164CC1018AC72D0300455B3D8F
                                                                                                                                                                                                        SHA-256:9C9D4E421C55F7EF4E455E75B58A6639428CCD75C76E5717F448AFE4C21C52BC
                                                                                                                                                                                                        SHA-512:FD20C6B4EEC972C775681AD7322769D5074108D730727051EF77D779A277D77B12419E1FEE1E2EC0CF376A235573A85AD37975245DBF078DE467953AFD02164A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):53560
                                                                                                                                                                                                        Entropy (8bit):6.504835643855465
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:wsmrWdCS5PvBHOUYTKJgr0OMpqdBwFrGjYqSwCpRAMxkE1:wza/pu/TKJ/OMpTryYfwc5x5
                                                                                                                                                                                                        MD5:B2E6147F97DAE696265A089F98CE8106
                                                                                                                                                                                                        SHA1:418F20EC486B7A9368CEFF183E7CEBAE9BA52101
                                                                                                                                                                                                        SHA-256:44917B2C260FEA3A0F4691F6E986C25E31B3F9FF22DCD055526199B4D8A54051
                                                                                                                                                                                                        SHA-512:789DD02281B71FAB54F42B92B5C0C76C0266C40100DBE532AD3EBBF968E8A9E674F0BE57E2FFDB10EB4A6B4FAA15A6A6A92907C020C6CD2990427D890D7F5026
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1389368
                                                                                                                                                                                                        Entropy (8bit):6.858641353727598
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:2NaU+KpPikndiNfzN4jH3PlMQzMjYpOtJqTp/kqg1:+lUfzN4jH3PlyjYpOLqd/kP1
                                                                                                                                                                                                        MD5:B0433711581916700978618558131929
                                                                                                                                                                                                        SHA1:6513C7C14F19FA37C73926FC098A9DA678621E04
                                                                                                                                                                                                        SHA-256:26B24DCD9CB7AB8761AE7FB597704F81E2A6EDE6572A247C39A969960DBBA539
                                                                                                                                                                                                        SHA-512:A1D8BCD4B641B5E54A4435A70E19A56ECCE6DC9C7D9B6FC28F7829DE96D139C9CFD10F35F096529F8D33583BEA8FFE1B6C2636F2710D9D01F1A7513F77DB8589
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10931000
                                                                                                                                                                                                        Entropy (8bit):6.790449999326776
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:196608:mY28xa5k15O2/w9DcmIHsZYk3BL5tksbmd:mY28xZh/xcY6LtbA
                                                                                                                                                                                                        MD5:6AAE165F3B1575DB887A0370CFC80083
                                                                                                                                                                                                        SHA1:18BC72662B4366035932719EF131417AACF9C184
                                                                                                                                                                                                        SHA-256:0C89262A283C80121BA1176345B230D0ADE61CFCF682B92E555A48206FB4074A
                                                                                                                                                                                                        SHA-512:666F1A5C6B0C7A5315D70EB0D75DA6232105E5673B44F6137BE4B10377B8D07C21720D05360CC653F543657478B08EEE1D95DB5FB1CB8D82D5C2A0F2FF68E7C7
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                        • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Author: Joe Security
                                                                                                                                                                                                        • Rule: MALWARE_Win_RemoteUtilitiesRAT, Description: RemoteUtilitiesRAT RAT payload, Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Author: ditekSHen
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):21148984
                                                                                                                                                                                                        Entropy (8bit):6.620129778488873
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:196608:Sd9U0CaHFxbNvfkPrWcrKZPYOrnnGdDoFI0wb6AIALUKyL5w2kEdyMZNAxa:Sd9U0HxxUPzoPGUAIALUKy/L
                                                                                                                                                                                                        MD5:652C2A693B333504A3879460D0AF7224
                                                                                                                                                                                                        SHA1:235BA3847DF3F39AD445B5B912CB2FB5224D9E59
                                                                                                                                                                                                        SHA-256:760E2FD3E57186B597D40B996811768E6C4A28CA54685E029104FCF82F68238D
                                                                                                                                                                                                        SHA-512:A717E916E9D881970694856F79F0E571B95C350F0B771027188DC9B27AB99C193149D4FE0E32CB4638C840340EB1DBD7FBF7458A58985A3E5BE7DA3345CD86C6
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                        • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Author: Joe Security
                                                                                                                                                                                                        • Rule: MALWARE_Win_RemoteUtilitiesRAT, Description: RemoteUtilitiesRAT RAT payload, Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Author: ditekSHen
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):346424
                                                                                                                                                                                                        Entropy (8bit):6.566551582367787
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:f6MNzVTEz1LgXCpfoaDRQHojjYkARhcPL0U2pHGS5VdQ/TOEzrqArrpA1riT1PiH:f6MNzVgz1LgXCpfoaDqHojjYkARqPL0Z
                                                                                                                                                                                                        MD5:74F9696BE4B46F04A1263C3181405C35
                                                                                                                                                                                                        SHA1:CF66B349BEAA2BC25ED5807763E32018E4304C7B
                                                                                                                                                                                                        SHA-256:D6E8BEE1A9476ED3BE229F4BE81CC1154F1ED425E50E74FD1ABCD76C56EA062C
                                                                                                                                                                                                        SHA-512:F122E00B795476809994733028346D82945566CE4C2BE26444F02E077658CCB1BA0F3FE221CEF37837941054FE4B3B54B3F9A74861F890E56544D1453823FD68
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):389936
                                                                                                                                                                                                        Entropy (8bit):6.646719638285826
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:EIIDyjBnydesbWoiwS7dVIclCzoqHO/gCaEkkH8TuX6RTrWD4siZMZ+LG4IPWwck:EI8tiDOzyH9H8Tu6h04fZMZoMPuvf6d
                                                                                                                                                                                                        MD5:C14000F68306F1CF0EC799DF9568AE01
                                                                                                                                                                                                        SHA1:788D8D7A0BA86BA6C7EF4F7AE50CDC65DDB348FF
                                                                                                                                                                                                        SHA-256:53B040341CE80F246C8437A99DF5252A48801E2154EB94DC50AF54A75D8D85AC
                                                                                                                                                                                                        SHA-512:2D4769949832794CE310474F843B696EA8EEB819554ECD72C449981988A6F8FBC5155D84A97D8A4C015348B3DFE6708F88C64B257D4A4D0D4A03DD068DDA4113
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1641784
                                                                                                                                                                                                        Entropy (8bit):6.688224632605251
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:vSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSvSSSSSSSSSSSSSSSlwwwwwwwwwwwwwwW:vSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSg
                                                                                                                                                                                                        MD5:30448DB0AAC5AC16D7AD789011BF8D20
                                                                                                                                                                                                        SHA1:457A43F6D2A0120C138DD9D57BCB64B21F84D9D7
                                                                                                                                                                                                        SHA-256:D781088435617CA1FACF74C1304F82AFCB388813A75C8CB32213541D35B21832
                                                                                                                                                                                                        SHA-512:300E3AE2AC133E2494C449354582AD9BE51731D3E92D161B998DB14262CC08436EEDDB2B73A2F47CB4D1245348055F19E02721638A64A0630F513D4919B359DD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):267064
                                                                                                                                                                                                        Entropy (8bit):6.532234442351241
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:zW218gr7s2yIHB0pTPdTX9zUbEbStE97zjAs1RtTcJTfIv0se7POWu/HgsGU1VTD:zWSfr7sXSmPDbKPJ6/AsNk+N
                                                                                                                                                                                                        MD5:5E8673834662AC42B8363E19BC719282
                                                                                                                                                                                                        SHA1:BB1C1ED731830A03DB47D232E748DF4E4D196DB9
                                                                                                                                                                                                        SHA-256:A64A113955EC0D89AE6FF357F9BB1063C7DD29FE5610EE516A94AC17B11172C2
                                                                                                                                                                                                        SHA-512:3CF558B2D3CA03AED1EF0CFE36FB7FF3FE7A3AF63A4C3B0CB6CF13C58BAACAE17E5A01BAD743AFFAE8C4F5B9F5425DD4A97755ACA2DED99E70D782F699A9E225
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):374584
                                                                                                                                                                                                        Entropy (8bit):6.776430632714067
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:saoH9sDRlDLD0GDkEp00tc6TKUOmrRK1jRsAOO04sAO88Rt:ooPH0GgEp0gVd1ValsQXsH
                                                                                                                                                                                                        MD5:95D30B282132FB591FD5FDD94E52AF05
                                                                                                                                                                                                        SHA1:EB7ABE2F02C19EE41E4EFC2506337288141D70ED
                                                                                                                                                                                                        SHA-256:E6C04DC8359B2C76F765FCE37EC123D33ACBC5CE93E60022BA88EB7C867AC3F6
                                                                                                                                                                                                        SHA-512:9E4EA23519D243D6D3AE93D2501F05F35AA1CC6264ADB8F180F8A255BD35FB7996E110AC0EC7960FA0B93062BE45EB0C0922D9597E76EE8180781CC5C9A9C792
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):881464
                                                                                                                                                                                                        Entropy (8bit):5.2453925074994965
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:DTAPYZEyRr+NDnaLyx2lz8MSjtX08pYRc29qcQmsGahsQZsbRNl:cYF+Eyx2lzujtEIYRc1cQmsGa7ONl
                                                                                                                                                                                                        MD5:A663E7EF3F3CD7A1D4790B4EBF491C27
                                                                                                                                                                                                        SHA1:BFE086E653D0BC8D20ACAE61990BA4FA33F2A1F7
                                                                                                                                                                                                        SHA-256:8B1F95D7C0FDF25A6278347AFDA2F5AC4C86045C7FC530A330BE885D8A87EA68
                                                                                                                                                                                                        SHA-512:E78460C287646F509A50B878A34392546E01803A46C389E942073013A8292E3653713F2B6067842ECCCB09B7CDC13D1D9FFF76065AA61910FC3CEBE6A1C20C47
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with CR line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5364
                                                                                                                                                                                                        Entropy (8bit):5.485641443773401
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:I0xccoJxML6RLidRLildgy99M/0bSOtfh/:IzcWS6pidpiHgyMMVtJ/
                                                                                                                                                                                                        MD5:F2E6FCC4D409479E68C5301C9A696197
                                                                                                                                                                                                        SHA1:48EBE4DB096CB4E318F3D69BEC6672FE13652035
                                                                                                                                                                                                        SHA-256:2A8CC3D804AA9FE8D87A392B4587D360B3DB47D0B88FDE34943AC395D13E803B
                                                                                                                                                                                                        SHA-512:4E818F5503CF118F80EF0DD6AFAB952F016BE24EBE56D34AEE23F56748361573C03472B194E982C32608973A730CCE525A13D0D1885023F213C691E4C7933131
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<head>.<meta http-equiv="content-type" content="text/html; charset=utf-8" />.<meta name="copyright" content="TektonIT" />.<meta name="description" content="Remote Manipulator System - Server software, event log. Tektonit.com" />.<title>Remote Utilities &ndash; ... ..</title>.<style type="text/css">.body {.font-family: Courier New, monospace;.font-size: 100%;.background-color: #FFFFFF;.} .h1 {.font-size: 130%;.margin: 0px 0px 0px 0px;.} .textarea {.display: none;.margin-top: 5px;.width: 100%;.} ..main_table td {.border: 1px dashed #DADADA;.} ..e_l_0 {.background-color: #4c4cff;.border: 1px solid red;.} ..e_l_1 {.background-color: #fff04c;.border: none;.} ..e_l_2 {.background-color: #ffa94c;.border: none;.} ..e_l_3 {.background-color: #fc2727;.border: none;.} .#log_header td {.font-weight: bold;.} .#subheader {.font-size: 70%;.color: #DADADA;.margin-bottom: 10px;.} .</style>.<script language="javascript">.function show_textarea(elem) {.var parent_node = elem.parentNode;.var nod
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):333
                                                                                                                                                                                                        Entropy (8bit):4.961347298932099
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:HUc+jLmKRLQUUc+jLdd/ao+Uc+jLhHujHO7eVmUc+jLwmnXjKV+Uc+jLOLGeXkR+:0c+jfCvc+jDSoRc+j9Be7c+jRTmc+j6l
                                                                                                                                                                                                        MD5:57527D70DBA3E2FEB786357C144B5586
                                                                                                                                                                                                        SHA1:AFA68E6C5CC3FFA2E1B0148168C961B124B1FAB3
                                                                                                                                                                                                        SHA-256:85AEC0FB9F246A37363CD4FD1FAED3168DDC09901F700C7A4D1A6B6B3FA7625B
                                                                                                                                                                                                        SHA-512:01787D98D47BE918869D421405C8CFAB7D5AE0F8984E24BF6103614C8D2AC9A8A19468CD2E222EF4E69BBCD5CDE2FEB359113B2435C12C270F6886ED4792CA28
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:02-02-2024_09:37:08#T:SilentInstall: installation 70220..02-02-2024_09:37:08#T:SilentInstall: NTSetPrivilege:SE_DEBUG_NAME:false. OK..02-02-2024_09:37:08#T:SilentInstall: OpenService: service not found_1. OK..02-02-2024_09:37:08#T:SilentInstall: CreateService. OK..02-02-2024_09:37:08#T:SilentInstall: finished (installation) 70220..
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Remote Utilities - Host 7.2 installation package, Comments: This installer contains the logic and data to install Remote Utilities - Host 7.2, Keywords: Installer,MSI,Database, Subject: Remote Utilities - Host 7.2, Author: Remote Utilities Pty (Cy) Ltd., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2021 - Premier Edition with Virtualization Pack 27, Last Saved Time/Date: Wed Oct 25 17:17:52 2023, Create Time/Date: Wed Oct 25 17:17:52 2023, Last Printed: Wed Oct 25 17:17:52 2023, Revision Number: {BFB6CB81-8A2D-41FC-A737-5CF8EB370093}, Code page: 1252, Template: Intel;1033
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):22656000
                                                                                                                                                                                                        Entropy (8bit):7.906722436026202
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:393216:WL2lXkXWYidpIsMLU9zQR5bFvt8uy+zZKKRa8n2o8lQKai847ZxNwb:WLY6G3Mgxmvtry+zxk8wTxNO
                                                                                                                                                                                                        MD5:DBC84F3FE9ECE7369D0FA36E34CE4844
                                                                                                                                                                                                        SHA1:37412165A73BCD574D7F2F34147F2A530FEB7936
                                                                                                                                                                                                        SHA-256:3E88E8A58C47562ED0FC4302BC22247C6D5282757CC18C316757475176FF48C1
                                                                                                                                                                                                        SHA-512:F0969CFB4B23050779391C852961E71A93C8CB1ED7378585FB573A15510D289F942286B7D302D9E352DC77CBE5A539307DC3EA923EC4A06895E072E36B815111
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Remote Utilities - Host 7.2 installation package, Comments: This installer contains the logic and data to install Remote Utilities - Host 7.2, Keywords: Installer,MSI,Database, Subject: Remote Utilities - Host 7.2, Author: Remote Utilities Pty (Cy) Ltd., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2021 - Premier Edition with Virtualization Pack 27, Last Saved Time/Date: Wed Oct 25 17:17:52 2023, Create Time/Date: Wed Oct 25 17:17:52 2023, Last Printed: Wed Oct 25 17:17:52 2023, Revision Number: {BFB6CB81-8A2D-41FC-A737-5CF8EB370093}, Code page: 1252, Template: Intel;1033
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):22656000
                                                                                                                                                                                                        Entropy (8bit):7.906722436026202
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:393216:WL2lXkXWYidpIsMLU9zQR5bFvt8uy+zZKKRa8n2o8lQKai847ZxNwb:WLY6G3Mgxmvtry+zxk8wTxNO
                                                                                                                                                                                                        MD5:DBC84F3FE9ECE7369D0FA36E34CE4844
                                                                                                                                                                                                        SHA1:37412165A73BCD574D7F2F34147F2A530FEB7936
                                                                                                                                                                                                        SHA-256:3E88E8A58C47562ED0FC4302BC22247C6D5282757CC18C316757475176FF48C1
                                                                                                                                                                                                        SHA-512:F0969CFB4B23050779391C852961E71A93C8CB1ED7378585FB573A15510D289F942286B7D302D9E352DC77CBE5A539307DC3EA923EC4A06895E072E36B815111
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Remote Utilities - Host 7.2 installation package, Comments: This installer contains the logic and data to install Remote Utilities - Host 7.2, Keywords: Installer,MSI,Database, Subject: Remote Utilities - Host 7.2, Author: Remote Utilities Pty (Cy) Ltd., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2021 - Premier Edition with Virtualization Pack 27, Last Saved Time/Date: Wed Oct 25 17:17:52 2023, Create Time/Date: Wed Oct 25 17:17:52 2023, Last Printed: Wed Oct 25 17:17:52 2023, Revision Number: {BFB6CB81-8A2D-41FC-A737-5CF8EB370093}, Code page: 1252, Template: Intel;1033
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):22656000
                                                                                                                                                                                                        Entropy (8bit):7.906722436026202
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:393216:WL2lXkXWYidpIsMLU9zQR5bFvt8uy+zZKKRa8n2o8lQKai847ZxNwb:WLY6G3Mgxmvtry+zxk8wTxNO
                                                                                                                                                                                                        MD5:DBC84F3FE9ECE7369D0FA36E34CE4844
                                                                                                                                                                                                        SHA1:37412165A73BCD574D7F2F34147F2A530FEB7936
                                                                                                                                                                                                        SHA-256:3E88E8A58C47562ED0FC4302BC22247C6D5282757CC18C316757475176FF48C1
                                                                                                                                                                                                        SHA-512:F0969CFB4B23050779391C852961E71A93C8CB1ED7378585FB573A15510D289F942286B7D302D9E352DC77CBE5A539307DC3EA923EC4A06895E072E36B815111
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Remote Utilities - Host 7.2 installation package, Comments: This installer contains the logic and data to install Remote Utilities - Host 7.2, Keywords: Installer,MSI,Database, Subject: Remote Utilities - Host 7.2, Author: Remote Utilities Pty (Cy) Ltd., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2021 - Premier Edition with Virtualization Pack 27, Last Saved Time/Date: Wed Oct 25 17:17:52 2023, Create Time/Date: Wed Oct 25 17:17:52 2023, Last Printed: Wed Oct 25 17:17:52 2023, Revision Number: {BFB6CB81-8A2D-41FC-A737-5CF8EB370093}, Code page: 1252, Template: Intel;1033
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):22656000
                                                                                                                                                                                                        Entropy (8bit):7.906722436026202
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:393216:WL2lXkXWYidpIsMLU9zQR5bFvt8uy+zZKKRa8n2o8lQKai847ZxNwb:WLY6G3Mgxmvtry+zxk8wTxNO
                                                                                                                                                                                                        MD5:DBC84F3FE9ECE7369D0FA36E34CE4844
                                                                                                                                                                                                        SHA1:37412165A73BCD574D7F2F34147F2A530FEB7936
                                                                                                                                                                                                        SHA-256:3E88E8A58C47562ED0FC4302BC22247C6D5282757CC18C316757475176FF48C1
                                                                                                                                                                                                        SHA-512:F0969CFB4B23050779391C852961E71A93C8CB1ED7378585FB573A15510D289F942286B7D302D9E352DC77CBE5A539307DC3EA923EC4A06895E072E36B815111
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):169896
                                                                                                                                                                                                        Entropy (8bit):6.068969720857241
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:jqSoP/44Yvge5XKhpKJJdu+ew+BZPHbN2e9n2p+:j5g/ve5XKhMVJSIun6+
                                                                                                                                                                                                        MD5:B5ADF92090930E725510E2AAFE97434F
                                                                                                                                                                                                        SHA1:EB9AFF632E16FCB0459554979D3562DCF5652E21
                                                                                                                                                                                                        SHA-256:1F6F0D9F136BC170CFBC48A1015113947087AC27AED1E3E91673FFC91B9F390B
                                                                                                                                                                                                        SHA-512:1076165011E20C2686FB6F84A47C31DA939FA445D9334BE44BDAA515C9269499BD70F83EB5FCFA6F34CF7A707A828FF1B192EC21245EE61817F06A66E74FF509
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1408583
                                                                                                                                                                                                        Entropy (8bit):4.8128312343081046
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:HMMMMMMSLLLLLLLTMMMMMMSLLLLLLLJMMMMMMSLLLLLLLg:HMMMMMMSLLLLLLLTMMMMMMSLLLLLLLJr
                                                                                                                                                                                                        MD5:C1D50A44D3E5171DAEC6BDBF802AC9A5
                                                                                                                                                                                                        SHA1:0707ACD0DED1024989A8043E344D87E7A96218F8
                                                                                                                                                                                                        SHA-256:26C3BE848122AD72E9AF24FE877761D46AE92E34383704F763B4D3D529446D86
                                                                                                                                                                                                        SHA-512:C08F0A7E8741B7C12604A1C267CEA786C917FBC916748DD52D05D80603C2DEB5F23EAAE202A71E5157466CE54CBCA1BE6798A22BFB79D94FA81D2FE3EF1F313B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...@IXOS.@.....@.LBX.@.....@.....@.....@.....@.....@......&.{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}..Remote Utilities - Host..Exel.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{BFB6CB81-8A2D-41FC-A737-5CF8EB370093}.....@.....@.....@.....@.......@.....@.....@.......@......Remote Utilities - Host......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{26EAB54E-4659-47E8-86F9-4CB74F7E03BE}/.C:\Program Files (x86)\Remote Utilities - Host\.@.......@.....@.....@......&.{596F4636-5D51-49F5-B3B4-F3C366E9DC23}...@.......@.....@.....@...........@....&.{00000000-0000-0000-0000-000000000000}.@.....@.....@......&.{3244CDE6-6414-4399-B0D5-424562747210}...@.......@.....@.....@......&.{197F692B-7CCA-4D79-85A5-ED04202D08D0}...@.......@.....@.....@......&.{E79AC184-AD38-4B26-89D0-75B7CEA19FA2};.C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\.@.......@.....@..
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):1.1620403438347329
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:JSbX72FjMiliAGiLIlHVRpzh/7777777777777777777777777vDHFwd8mvbLHpc:JEQI53W8qXa8F
                                                                                                                                                                                                        MD5:0A729EC420FB3F9CFEEA56D3C5E02D22
                                                                                                                                                                                                        SHA1:781F706A6827E089154CE5270FC9F2D27C503F35
                                                                                                                                                                                                        SHA-256:D14BFCF752F4EDD77151479A460CCD7F085C2803D594A1325A016FD215E8B9C6
                                                                                                                                                                                                        SHA-512:E2BFD7255B6296B52C95C91917C101A9C7F0C74DA4373FC784B5213B142CF278E9787B7E4418F07302BCEF9785E450F4C745A4313084B70BA856916DDA061262
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):1.895945339984345
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:g8Ph4uRc06WXJuFT5d9ue9mSKdTfdTuOdThRXdTpkdTpdTKdTt6AdTnUo94SB29Y:Ph41FFT4lXJnBy/itbCqLJnBy/i0
                                                                                                                                                                                                        MD5:C54E6183C8ADF3D4D90D07D00FA4BD0E
                                                                                                                                                                                                        SHA1:5E8D8E07E5B9609C8FDF6D055E926F719561027B
                                                                                                                                                                                                        SHA-256:3DB177C510404B0889856D3828FF6AB9E6A1F057A6878304B3DF3E4890F79E78
                                                                                                                                                                                                        SHA-512:60C821E1AD75FB9E2915142222168FB672E9571DD71E0F3A51D19EE8AA13B89F0C325CC8C4D471B9F881C7762D395228D541466978E52B4C3C748142ABC826C4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):71360
                                                                                                                                                                                                        Entropy (8bit):5.493854356833401
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):63168
                                                                                                                                                                                                        Entropy (8bit):5.217205507888401
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):415424
                                                                                                                                                                                                        Entropy (8bit):4.597963610747478
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):415424
                                                                                                                                                                                                        Entropy (8bit):4.597721784431409
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):415424
                                                                                                                                                                                                        Entropy (8bit):4.597627123267687
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):432221
                                                                                                                                                                                                        Entropy (8bit):5.375172572548565
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):314
                                                                                                                                                                                                        Entropy (8bit):6.642066835146045
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):313
                                                                                                                                                                                                        Entropy (8bit):6.5546319534749
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):404
                                                                                                                                                                                                        Entropy (8bit):3.913938006640074
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:tcNldkEX66sMNmxMiv8sFpT6er+iTw73br:eAEXbsOmxxvbLFTkbr
                                                                                                                                                                                                        MD5:E27E17654028F5B828483EAD36078AD0
                                                                                                                                                                                                        SHA1:4B7D6AE60A07C14BF50B715D0DBC9B5FDE4C03F3
                                                                                                                                                                                                        SHA-256:2F0A81F46DBE0C6B8FD86D1034000E88A308FFB01CDD299048B9421522EAA070
                                                                                                                                                                                                        SHA-512:9B775406662679633438912C80BB2C0BD0E0717B87AE5D9AF37CD6D88000F3E22B8EE2426D59A0838E424D2D84D0087D2B83AE003B58297C31CC74BC0D1F3389
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:p...... .... .....g.U..(.................0W>U.......Z.......................Z.. .........9a.U.. ...............:...h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.r.j.r.y.d.R.y.t.%.2.B.A.p.F.3.G.S.P.y.p.f.H.B.x.R.5.X.t.Q.Q.U.s.9.t.I.p.P.m.h.x.d.i.u.N.k.H.M.E.W.N.p.Y.i.m.8.S.8.Y.C.E.A.%.2.B.4.p.0.C.5.F.Y.0.D.U.U.O.8.W.d.n.w.Q.C.k.%.3.D...
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):408
                                                                                                                                                                                                        Entropy (8bit):3.9247957560796167
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:kKe38qwaRNfOAUMivhClroFH18WilzmlwyiilHDuel8DtQHl+w4lWqlk77ANn:S8faLmxMiv8sFarlyFiiMe+4l+w4PlZ
                                                                                                                                                                                                        MD5:57DA74F59030AED7A30414D6DD925FBB
                                                                                                                                                                                                        SHA1:39FB0C31C8BF2A032F3D788402B33F4C0E363964
                                                                                                                                                                                                        SHA-256:78D399CA8C184B2F7017C8FEAF5B44D237C4379F7CE95A0A013C707C9501614B
                                                                                                                                                                                                        SHA-512:743F7DEE3E86D585EBCB844F8CA099CB5B2CBC9218F0F842069F50639FAA4D666351314D80051F3F2BCE1F746B12EAD15F7A6FFA1F812E6331AB302F37908F8F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:p...... ....$...C.T.U..(....................U....2..[....................2..[.. .........(..U.. ...............9...h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.S.E.6.7.N.b.q.3.j.f.Q.Q.g.8.y.X.E.p.b.m.q.L.T.N.n.7.X.w.Q.U.m.1.%.2.B.w.N.r.q.d.B.q.4.Z.J.7.3.A.o.C.L.A.i.4.s.4.d.%.2.B.0.C.E.A.7.z.K.k.e.s.D.W.p.a.7.2.4.j.j.E.F.%.2.B.2.x.0.%.3.D...
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):1.49702049430394
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:2dwuMO+CFXJvT55Ukym9ue9mSKdTfdTuOdThRXdTpkdTpdTKdTt6AdTnUo94SB2i:iwGHT3twlXJnBy/itbCqLJnBy/i0
                                                                                                                                                                                                        MD5:1A8F292A886E376D3C2C702958B09E06
                                                                                                                                                                                                        SHA1:7BCBF4DAE59C69329CDD083A6F192E312E06368C
                                                                                                                                                                                                        SHA-256:800111B992522BBAF77236A54AE82173F1CB7FA83180322908950C4E926A8625
                                                                                                                                                                                                        SHA-512:96FF0F3398CFA46F847CCEA2335AC84D117DDA5A5E945C6D2E2CDAF33DC12A093463AB9F28FACB26D94EFBA5D149591B7AF0B5DBB8798BF375BE1CD3BB1FD640
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.06887906536849638
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOwd6SumvbfzYsEoVky6l0t/:2F0i8n0itFzDHFwd8mvbLK01
                                                                                                                                                                                                        MD5:BE571F185F10B61BEC870EE494C2DB99
                                                                                                                                                                                                        SHA1:F2C1BE92CDA3689AE4B7C426715C8FA1C31A31CA
                                                                                                                                                                                                        SHA-256:F6BF0799FD664C0732F91B052E213BDBB42BA5AC71D0F846739E9E85B21A59D2
                                                                                                                                                                                                        SHA-512:0D8425263AC7F1B7EF53A3CDB2019135A651BDA8283CE5568A8EC0C8B8ED88ACAFE2A6F00ACD0FD92035D1A0EE9EC2DF04E21B76ADB79CF790883B55AE88892F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):1.895945339984345
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:g8Ph4uRc06WXJuFT5d9ue9mSKdTfdTuOdThRXdTpkdTpdTKdTt6AdTnUo94SB29Y:Ph41FFT4lXJnBy/itbCqLJnBy/i0
                                                                                                                                                                                                        MD5:C54E6183C8ADF3D4D90D07D00FA4BD0E
                                                                                                                                                                                                        SHA1:5E8D8E07E5B9609C8FDF6D055E926F719561027B
                                                                                                                                                                                                        SHA-256:3DB177C510404B0889856D3828FF6AB9E6A1F057A6878304B3DF3E4890F79E78
                                                                                                                                                                                                        SHA-512:60C821E1AD75FB9E2915142222168FB672E9571DD71E0F3A51D19EE8AA13B89F0C325CC8C4D471B9F881C7762D395228D541466978E52B4C3C748142ABC826C4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):1.895945339984345
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:g8Ph4uRc06WXJuFT5d9ue9mSKdTfdTuOdThRXdTpkdTpdTKdTt6AdTnUo94SB29Y:Ph41FFT4lXJnBy/itbCqLJnBy/i0
                                                                                                                                                                                                        MD5:C54E6183C8ADF3D4D90D07D00FA4BD0E
                                                                                                                                                                                                        SHA1:5E8D8E07E5B9609C8FDF6D055E926F719561027B
                                                                                                                                                                                                        SHA-256:3DB177C510404B0889856D3828FF6AB9E6A1F057A6878304B3DF3E4890F79E78
                                                                                                                                                                                                        SHA-512:60C821E1AD75FB9E2915142222168FB672E9571DD71E0F3A51D19EE8AA13B89F0C325CC8C4D471B9F881C7762D395228D541466978E52B4C3C748142ABC826C4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):1.49702049430394
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:2dwuMO+CFXJvT55Ukym9ue9mSKdTfdTuOdThRXdTpkdTpdTKdTt6AdTnUo94SB2i:iwGHT3twlXJnBy/itbCqLJnBy/i0
                                                                                                                                                                                                        MD5:1A8F292A886E376D3C2C702958B09E06
                                                                                                                                                                                                        SHA1:7BCBF4DAE59C69329CDD083A6F192E312E06368C
                                                                                                                                                                                                        SHA-256:800111B992522BBAF77236A54AE82173F1CB7FA83180322908950C4E926A8625
                                                                                                                                                                                                        SHA-512:96FF0F3398CFA46F847CCEA2335AC84D117DDA5A5E945C6D2E2CDAF33DC12A093463AB9F28FACB26D94EFBA5D149591B7AF0B5DBB8798BF375BE1CD3BB1FD640
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):73728
                                                                                                                                                                                                        Entropy (8bit):0.26499363023775985
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:QtwXSB29odTfdTuOdThRXdTpkdTpdTKdTI9mSKdTfdTuOdThRXdTpkdTpdTKdTtR:w+qLJnBy/ifXJnBy/itbV
                                                                                                                                                                                                        MD5:4B10A259B2226A26CD98E062FB70F4D6
                                                                                                                                                                                                        SHA1:C6D44E56DEEAD4F3ED0F2AE9D656E88A8A2B258A
                                                                                                                                                                                                        SHA-256:C15AC826D08AB6FC2DDA39716E318A15F291FE8C226AC339B0F56AE784A30407
                                                                                                                                                                                                        SHA-512:63E623E51AC09C3BB7A22AA787C13A06006DAB60CE25020FBDFD4FBEDF808FE82FC555C244246182233E39D091B76C0C379EC3A25C87DFAD4A35FDC5498D344B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):1.49702049430394
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:2dwuMO+CFXJvT55Ukym9ue9mSKdTfdTuOdThRXdTpkdTpdTKdTt6AdTnUo94SB2i:iwGHT3twlXJnBy/itbCqLJnBy/i0
                                                                                                                                                                                                        MD5:1A8F292A886E376D3C2C702958B09E06
                                                                                                                                                                                                        SHA1:7BCBF4DAE59C69329CDD083A6F192E312E06368C
                                                                                                                                                                                                        SHA-256:800111B992522BBAF77236A54AE82173F1CB7FA83180322908950C4E926A8625
                                                                                                                                                                                                        SHA-512:96FF0F3398CFA46F847CCEA2335AC84D117DDA5A5E945C6D2E2CDAF33DC12A093463AB9F28FACB26D94EFBA5D149591B7AF0B5DBB8798BF375BE1CD3BB1FD640
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Entropy (8bit):7.99798080331911
                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                        • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                        • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                        File name:3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
                                                                                                                                                                                                        File size:20'949'417 bytes
                                                                                                                                                                                                        MD5:075d6c122274cb9226521d3cd298f2f2
                                                                                                                                                                                                        SHA1:6f54d70f39fa28596ef90bfcb0c14278b016db1b
                                                                                                                                                                                                        SHA256:92192af947017c20ad861faf4459fb705e63f7083b34c77c1727891b88091573
                                                                                                                                                                                                        SHA512:c89f25e451ae095635bee4df25cbf7bb8431d87017ae65898471b346ee3b2a8694b5a45aa00e4dc54881905643c62843216d402e10faadd195e10922a29573be
                                                                                                                                                                                                        SSDEEP:393216:9Vz6+gdQzi/Ew1x1vXYQBEPDdasNaAzEFuEaP3CxMk50pRZfQCy0lifWA5J8EOx:LHSvI+EPDdXNaHaP4Mk50hfh/ieA5nOx
                                                                                                                                                                                                        TLSH:14273306D79D18FCC8A9E67D985B4C47E633784D2211A48F176949A22F83334ED3F72A
                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.2.`.\.`.\.`.\..y..h.\..y....\..y..m.\.....b.\...X.r.\..._.j.\...Y.Y.\.i...i.\.i...b.\.i...g.\.`.].C.\...Y.R.\...\.a.\.....a.\
                                                                                                                                                                                                        Icon Hash:0e0f7834fc39070c
                                                                                                                                                                                                        Entrypoint:0x140032dc0
                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                        Time Stamp:0x6579B995 [Wed Dec 13 14:03:01 2023 UTC]
                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                                        OS Version Minor:2
                                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                                        File Version Minor:2
                                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                                        Subsystem Version Minor:2
                                                                                                                                                                                                        Import Hash:b1c5b1beabd90d9fdabd1df0779ea832
                                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                                        • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                        • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x597c0 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x597f4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x70000 | 0x1e324 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x6a000 | 0x306c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8f000 | 0x970 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x536c0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x53780 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4b3f0 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x48000 | 0x508 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x588dc | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x4664e | 0x46800 | cb5fa3169f581ba82faed363ff4f6e49 | False | 0.5365483710106383 | data | 6.468535106678591 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x48000 | 0x128e4 | 0x12a00 | 919da1ea112d11a732dbc754aee3741b | False | 0.44967753775167785 | data | 5.272430005055125 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x5b000 | 0xe75c | 0x1a00 | 17e6aee7483d05299c67ef1c20548699 | False | 0.28260216346153844 | data | 3.2575802848760493 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x6a000 | 0x306c | 0x3200 | bb12e72c2a1957150354ef39796c9470 | False | 0.485625 | data | 5.507547185354104 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.didat | 0x6e000 | 0x360 | 0x400 | ced4b34f6105bed5c533724cbd855e33 | False | 0.2568359375 | data | 3.0248828943464656 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
_RDATA | 0x6f000 | 0x15c | 0x200 | c67570d55af77c6d3a435fe95a2589ac | False | 0.40625 | data | 3.3215020267482327 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x70000 | 0x1e324 | 0x1e400 | 89bca75165439faf93b747f75742c27d | False | 0.938646048553719 | data | 7.896782666673534 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x8f000 | 0x970 | 0xa00 | 77a9ddfc47a5650d6eebbcc823e39532 | False | 0.52421875 | data | 5.336289720085303 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x70524 | 0x13154 | PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced | | | 0.9947162376541631
RT_ICON | 0x83678 | 0x858e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9985668324071366
RT_DIALOG | 0x8bc08 | 0x2ba | data | | | 0.5286532951289399
RT_DIALOG | 0x8bec4 | 0x13a | data | | | 0.6560509554140127
RT_DIALOG | 0x8c000 | 0xf2 | data | | | 0.71900826446281
RT_DIALOG | 0x8c0f4 | 0x14a | data | | | 0.6
RT_DIALOG | 0x8c240 | 0x314 | data | | | 0.47588832487309646
RT_DIALOG | 0x8c554 | 0x24a | data | | | 0.6279863481228669
RT_STRING | 0x8c7a0 | 0x1fc | data | | | 0.421259842519685
RT_STRING | 0x8c99c | 0x246 | data | | | 0.41924398625429554
RT_STRING | 0x8cbe4 | 0x1a6 | data | | | 0.514218009478673
RT_STRING | 0x8cd8c | 0xdc | data | | | 0.65
RT_STRING | 0x8ce68 | 0x470 | data | | | 0.3873239436619718
RT_STRING | 0x8d2d8 | 0x164 | data | | | 0.5056179775280899
RT_STRING | 0x8d43c | 0x110 | data | | | 0.5772058823529411
RT_STRING | 0x8d54c | 0x158 | data | | | 0.4563953488372093
RT_STRING | 0x8d6a4 | 0xe8 | data | | | 0.5948275862068966
RT_STRING | 0x8d78c | 0x1c6 | data | | | 0.5242290748898678
RT_STRING | 0x8d954 | 0x268 | data | | | 0.4837662337662338
RT_GROUP_ICON | 0x8dbbc | 0x14 | data | | | 1.05
RT_MANIFEST | 0x8dbd0 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.39786666666666665
DLL | Import
KERNEL32.dll | LocalFree, GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetModuleFileNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExpandEnvironmentStringsW, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, GlobalMemoryStatusEx, LoadResource, SizeofResource, GetTimeFormatW, GetDateFormatW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileA, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, WaitForSingleObjectEx, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, GetStringTypeW, HeapReAlloc, LCMapStringW, FindFirstFileExA
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipCloneImage, GdipFree, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipAlloc
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                        Feb 2, 2024 09:37:49.105628014 CET497545651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:49.168129921 CET497555651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:49.214916945 CET4975680192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:50.808662891 CET4975180192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:50.902405977 CET497525651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:37:52.849366903 CET4975780192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:52.890458107 CET497585651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:52.891227007 CET49759465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:53.070310116 CET8049757101.99.94.54192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:37:53.070590019 CET4975780192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:53.074275017 CET497535651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:37:53.109831095 CET565149758101.99.94.54192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:37:53.109921932 CET497585651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:53.110255957 CET46549759101.99.94.54192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:37:53.110336065 CET49759465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:53.121148109 CET497545651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:53.168034077 CET497555651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:53.230556965 CET4975680192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:53.746154070 CET4975780192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:53.761774063 CET49759465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:53.761795998 CET497585651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:53.838515043 CET4976180192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:53.936974049 CET497625651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:37:54.293028116 CET4975780192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:54.293045044 CET497585651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:54.293047905 CET49759465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:54.839920044 CET4976180192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:54.949264050 CET497625651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:37:55.191329002 CET56554974164.20.61.146192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:37:55.191376925 CET56554974164.20.61.146192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:37:55.191471100 CET497415655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:37:55.589925051 CET497585651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:55.589932919 CET49759465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:55.653656960 CET4975780192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:56.125189066 CET497635651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:56.138747931 CET497645651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:37:56.238107920 CET497655651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:56.238116980 CET4976680192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:56.855521917 CET4976180192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:56.949290037 CET497625651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:37:57.136828899 CET497635651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:57.152422905 CET497645651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:37:57.230742931 CET497655651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:57.232350111 CET4976680192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:58.168077946 CET497585651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:58.168246984 CET49759465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:58.355572939 CET4975780192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:58.464973927 CET4974980192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:58.480515957 CET49750465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:58.855585098 CET497485651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:37:59.136773109 CET497635651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:59.168147087 CET497645651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:37:59.246335030 CET497655651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:37:59.246526957 CET4976680192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:00.855573893 CET4976180192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:00.949284077 CET497625651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:03.136782885 CET497635651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:03.168047905 CET497645651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:03.246189117 CET4976680192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:03.246193886 CET497655651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:03.308765888 CET49759465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:03.324328899 CET497585651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:03.761811018 CET4975780192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:03.890258074 CET4976780192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:03.999679089 CET497685651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:04.902468920 CET4976780192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:05.012670994 CET497685651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:05.322232008 CET56554974164.20.61.146192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:05.322312117 CET497415655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:06.187670946 CET497695651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:06.202579975 CET497705651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:06.297880888 CET497715651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:06.311985970 CET4977280192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:06.918072939 CET4976780192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:07.011812925 CET497685651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:07.199484110 CET497695651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:07.199614048 CET497705651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:07.308804035 CET497715651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:07.324448109 CET4977280192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:08.463413954 CET4977380192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:08.468446016 CET49774465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:08.469692945 CET497755651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:08.682470083 CET8049773101.99.94.54192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:08.682552099 CET4977380192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:08.688801050 CET46549774101.99.94.54192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:08.689166069 CET49774465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:08.689757109 CET565149775101.99.94.54192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:08.689815044 CET497755651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:09.214900017 CET497695651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:09.230515957 CET497705651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:09.311933041 CET497715651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:09.339905977 CET4977280192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:09.339912891 CET4977380192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:09.339930058 CET497755651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:09.339931965 CET49774465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:09.871155977 CET497755651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:09.873063087 CET4977380192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:09.875725985 CET49774465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:10.918019056 CET4976780192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:11.011847973 CET497685651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:11.168054104 CET497755651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:11.168054104 CET4977380192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:11.183773041 CET49774465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:13.215008974 CET497695651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:37.963713884 CET56554979964.20.61.146192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:37.963748932 CET56554979964.20.61.146192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:37.964145899 CET497995655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:39.113101959 CET498005651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:39.115680933 CET4980180192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:39.117712021 CET49802465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:39.221982956 CET49803465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:39.332081079 CET565149800101.99.94.54192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:39.332156897 CET498005651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:39.334759951 CET8049801101.99.94.54192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:39.334846973 CET4980180192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:39.339512110 CET46549802101.99.94.54192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:39.339576006 CET49802465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:39.390954971 CET497965651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:39.441637993 CET46549803101.99.94.54192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:39.441823959 CET49803465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:39.511784077 CET4979780192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:39.511842966 CET497985651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:40.011778116 CET498005651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:40.121157885 CET4980180192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:40.121397972 CET49802465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:40.199279070 CET49803465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:40.699309111 CET498005651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:40.730528116 CET4980180192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:40.730698109 CET49802465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:40.808634996 CET49803465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:41.121155024 CET4979480192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:41.230518103 CET497955651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:42.105530024 CET498005651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:42.105634928 CET49803465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:42.121151924 CET4980180192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:42.121268034 CET49802465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:43.404047012 CET498045655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:43.506360054 CET497965651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:43.528649092 CET56554980464.20.61.146192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:43.528742075 CET498045655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:43.530276060 CET498045655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:43.530306101 CET498045655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:43.531192064 CET498045655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:43.623224020 CET4979780192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:43.623238087 CET497985651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:43.654551983 CET56554980464.20.61.146192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:43.655139923 CET56554980464.20.61.146192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:43.655175924 CET56554980464.20.61.146192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:43.655230999 CET498045655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:44.143291950 CET4980580192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:44.251909018 CET498065651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:44.636759996 CET497835651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:44.808670998 CET49803465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:44.808728933 CET49784465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:44.808743000 CET498005651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:44.824351072 CET4980180192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:44.824407101 CET4978580192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:44.824409962 CET49802465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:45.136765957 CET49786465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:45.306684017 CET4980580192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:45.324405909 CET498065651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:47.308656931 CET4980580192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:47.324289083 CET498065651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:47.914274931 CET498075651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:47.916068077 CET498085651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:47.916157961 CET4980980192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:48.933684111 CET498085651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:48.996197939 CET498075651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:49.000230074 CET4980980192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:49.007180929 CET498105655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:49.131407976 CET56554981064.20.61.146192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:49.131661892 CET498105655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:49.162523985 CET498105655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:49.162554979 CET498105655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:49.167639017 CET498105655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:49.286990881 CET56554981064.20.61.146192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:49.291740894 CET56554981064.20.61.146192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:49.291754961 CET56554981064.20.61.146192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:49.291841984 CET498105655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:50.050575018 CET49803465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:50.121166945 CET4980180192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:50.121619940 CET49802465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:50.199270964 CET498005651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:50.933660984 CET498085651192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:50.996180058 CET4980980192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:50.996269941 CET498075651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:51.308696985 CET4980580192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:51.433660984 CET498065651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.219999075 CET4981180192.168.2.477.105.132.70
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.314193964 CET498125651192.168.2.4185.70.104.90
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.425582886 CET49813465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.426933050 CET498145651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.468303919 CET4981580192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.533998966 CET49816465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.570333004 CET498175655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.646049976 CET46549813101.99.94.54192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.646141052 CET49813465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.647171974 CET565149814101.99.94.54192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.647236109 CET498145651192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.688668013 CET8049815101.99.94.54192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.688750982 CET4981580192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.691653967 CET56554981764.20.61.146192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.691731930 CET498175655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.692209959 CET498175655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.692234993 CET498175655192.168.2.464.20.61.146
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.754563093 CET46549816101.99.94.54192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.754654884 CET49816465192.168.2.4101.99.94.54
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.813433886 CET56554981764.20.61.146192.168.2.4
                                                                                                                                                                                                        Feb 2, 2024 09:38:54.933655024 CET498085651192.168.2.477.105.132.70
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 2, 2024 09:37:27.247483015 CET | 65129 | 53 | 192.168.2.4 | 1.1.1.1
Feb 2, 2024 09:37:27.366250038 CET | 53 | 65129 | 1.1.1.1 | 192.168.2.4
Feb 2, 2024 09:38:26.122497082 CET | 50422 | 53 | 192.168.2.4 | 1.1.1.1
Feb 2, 2024 09:38:26.240483046 CET | 53 | 50422 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 2, 2024 09:37:27.247483015 CET | 192.168.2.4 | 1.1.1.1 | 0x5fc8 | Standard query (0) | id72.remoteutilities.com | A (IP address) | IN (0x0001) | false
Feb 2, 2024 09:38:26.122497082 CET | 192.168.2.4 | 1.1.1.1 | 0x5fe1 | Standard query (0) | id72.remoteutilities.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 2, 2024 09:37:17.167222023 CET | 1.1.1.1 | 192.168.2.4 | 0x989a | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Feb 2, 2024 09:37:17.167222023 CET | 1.1.1.1 | 192.168.2.4 | 0x989a | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Feb 2, 2024 09:37:27.366250038 CET | 1.1.1.1 | 192.168.2.4 | 0x5fc8 | No error (0) | id72.remoteutilities.com | id.remoteutilities.com |  | CNAME (Canonical name) | IN (0x0001) | false
Feb 2, 2024 09:37:27.366250038 CET | 1.1.1.1 | 192.168.2.4 | 0x5fc8 | No error (0) | id.remoteutilities.com |  | 64.20.61.146 | A (IP address) | IN (0x0001) | false
Feb 2, 2024 09:38:26.240483046 CET | 1.1.1.1 | 192.168.2.4 | 0x5fe1 | No error (0) | id72.remoteutilities.com | id.remoteutilities.com |  | CNAME (Canonical name) | IN (0x0001) | false
Feb 2, 2024 09:38:26.240483046 CET | 1.1.1.1 | 192.168.2.4 | 0x5fe1 | No error (0) | id.remoteutilities.com |  | 64.20.61.146 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49737 | 101.99.94.54 | 80 | 7876 | C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

Timestamp | Bytes transferred | Direction | Data
Feb 2, 2024 09:37:23.121231079 CET | 6 | OUT | Data Raw: 00 Data Ascii:
Feb 2, 2024 09:37:23.715123892 CET | 6 | OUT | Data Raw: 00 Data Ascii:
Feb 2, 2024 09:37:25.105581999 CET | 6 | OUT | Data Raw: 00 Data Ascii:
Feb 2, 2024 09:37:27.699285030 CET | 6 | OUT | Data Raw: 00 Data Ascii:
Feb 2, 2024 09:37:32.886811972 CET | 6 | OUT | Data Raw: 00 Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49749 | 101.99.94.54 | 80 | 7876 | C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

Timestamp | Bytes transferred | Direction | Data
Feb 2, 2024 09:37:38.418060064 CET | 6 | OUT | Data Raw: 00 Data Ascii:
Feb 2, 2024 09:37:38.949398041 CET | 6 | OUT | Data Raw: 00 Data Ascii:
Feb 2, 2024 09:37:40.261971951 CET | 6 | OUT | Data Raw: 00 Data Ascii:
Feb 2, 2024 09:37:42.871217966 CET | 6 | OUT | Data Raw: 00 Data Ascii:
Feb 2, 2024 09:37:48.074362993 CET | 6 | OUT | Data Raw: 00 Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49757 | 101.99.94.54 | 80 | 7876 | C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

Timestamp | Bytes transferred | Direction | Data
Feb 2, 2024 09:37:53.746154070 CET | 6 | OUT | Data Raw: 00 Data Ascii:
Feb 2, 2024 09:37:54.293028116 CET | 6 | OUT | Data Raw: 00 Data Ascii:
Feb 2, 2024 09:37:55.653656960 CET | 6 | OUT | Data Raw: 00 Data Ascii:
Feb 2, 2024 09:37:58.355572939 CET | 6 | OUT | Data Raw: 00 Data Ascii:
Feb 2, 2024 09:38:03.761811018 CET | 6 | OUT | Data Raw: 00 Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3192.168.2.449773101.99.94.54807876C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
Timestamp | Bytes transferred | Direction | Data
Feb 2, 2024 09:38:09.339912891 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:38:09.873063087 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:38:11.168054104 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:38:13.746207952 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:38:18.886785984 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4192.168.2.449785101.99.94.54807876C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
Timestamp | Bytes transferred | Direction | Data
Feb 2, 2024 09:38:24.730547905 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:38:25.261775017 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:38:26.574255943 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:38:29.172241926 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:38:34.355624914 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5192.168.2.449801101.99.94.54807876C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
Timestamp | Bytes transferred | Direction | Data
Feb 2, 2024 09:38:40.121157885 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:38:40.730528116 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:38:42.121151924 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:38:44.824351072 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:38:50.121166945 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6192.168.2.449815101.99.94.54807876C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
Timestamp | Bytes transferred | Direction | Data
Feb 2, 2024 09:38:55.480135918 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:38:56.105526924 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:38:57.496540070 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:39:00.121155977 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:39:05.371220112 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port
7192.168.2.449822101.99.94.5480
Timestamp | Bytes transferred | Direction | Data
Feb 2, 2024 09:39:13.996131897 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Feb 2, 2024 09:39:14.527378082 CET | 6 | OUT | Data Raw: 00
Data Ascii:



                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                        Start time:09:36:56
                                                                                                                                                                                                        Start date:02/02/2024
                                                                                                                                                                                                        Path:C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
                                                                                                                                                                                                        Imagebase:0x7ff6cdb10000
                                                                                                                                                                                                        File size:20'949'417 bytes
                                                                                                                                                                                                        MD5 hash:075D6C122274CB9226521D3CD298F2F2
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                        Start time:09:36:58
                                                                                                                                                                                                        Start date:02/02/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Windows\System32\msiexec.exe" /i Exel.msi /qn
                                                                                                                                                                                                        Imagebase:0x7ff6043c0000
                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                        Start time:09:36:58
                                                                                                                                                                                                        Start date:02/02/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                        Imagebase:0x7ff6043c0000
                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                        Start time:09:36:59
                                                                                                                                                                                                        Start date:02/02/2024
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 494BECA00E3009394CA5F2713F238EA9
                                                                                                                                                                                                        Imagebase:0xf30000
                                                                                                                                                                                                        File size:59'904 bytes
                                                                                                                                                                                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                        Start time:09:37:03
                                                                                                                                                                                                        Start date:02/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\user\AppData\Local\Temp\Exel.msi
                                                                                                                                                                                                        Imagebase:0x650000
                                                                                                                                                                                                        File size:10'931'000 bytes
                                                                                                                                                                                                        MD5 hash:6AAE165F3B1575DB887A0370CFC80083
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Author: Joe Security
                                                                                                                                                                                                        • Rule: MALWARE_Win_RemoteUtilitiesRAT, Description: RemoteUtilitiesRAT RAT payload, Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Author: ditekSHen
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                        Start time:09:37:05
                                                                                                                                                                                                        Start date:02/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /silentinstall
                                                                                                                                                                                                        Imagebase:0x340000
                                                                                                                                                                                                        File size:21'148'984 bytes
                                                                                                                                                                                                        MD5 hash:652C2A693B333504A3879460D0AF7224
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000005.00000000.1747218595.0000000001739000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Author: Joe Security
                                                                                                                                                                                                        • Rule: MALWARE_Win_RemoteUtilitiesRAT, Description: RemoteUtilitiesRAT RAT payload, Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Author: ditekSHen
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                        Start time:09:37:09
                                                                                                                                                                                                        Start date:02/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /firewall
                                                                                                                                                                                                        Imagebase:0x340000
                                                                                                                                                                                                        File size:21'148'984 bytes
                                                                                                                                                                                                        MD5 hash:652C2A693B333504A3879460D0AF7224
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                        Start time:09:37:14
                                                                                                                                                                                                        Start date:02/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /start
                                                                                                                                                                                                        Imagebase:0x7ff6ec4b0000
                                                                                                                                                                                                        File size:21'148'984 bytes
                                                                                                                                                                                                        MD5 hash:652C2A693B333504A3879460D0AF7224
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                        Start time:09:37:15
                                                                                                                                                                                                        Start date:02/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -service
                                                                                                                                                                                                        Imagebase:0x340000
                                                                                                                                                                                                        File size:21'148'984 bytes
                                                                                                                                                                                                        MD5 hash:652C2A693B333504A3879460D0AF7224
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                        Start time:09:37:20
                                                                                                                                                                                                        Start date:02/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -firewall
                                                                                                                                                                                                        Imagebase:0x340000
                                                                                                                                                                                                        File size:21'148'984 bytes
                                                                                                                                                                                                        MD5 hash:652C2A693B333504A3879460D0AF7224
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                        Start time:09:37:21
                                                                                                                                                                                                        Start date:02/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
                                                                                                                                                                                                        Imagebase:0x650000
                                                                                                                                                                                                        File size:10'931'000 bytes
                                                                                                                                                                                                        MD5 hash:6AAE165F3B1575DB887A0370CFC80083
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                        Start time:09:37:21
                                                                                                                                                                                                        Start date:02/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray
                                                                                                                                                                                                        Imagebase:0x650000
                                                                                                                                                                                                        File size:10'931'000 bytes
                                                                                                                                                                                                        MD5 hash:6AAE165F3B1575DB887A0370CFC80083
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        Target ID:15
                                                                                                                                                                                                        Start time:09:37:29
                                                                                                                                                                                                        Start date:02/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray
                                                                                                                                                                                                        Imagebase:0x650000
                                                                                                                                                                                                        File size:10'931'000 bytes
                                                                                                                                                                                                        MD5 hash:6AAE165F3B1575DB887A0370CFC80083
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true


                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                          Execution Coverage:11.8%
                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                          Signature Coverage:28.3%
                                                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                                                          Total number of Limit Nodes:24
25870->25887 25872 7ff6cdb11f9f 25873 7ff6cdb11fdc 25872->25873 25874 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 25872->25874 25873->25828 25875 7ff6cdb12000 25874->25875 25881 7ff6cdb4bae0 25877->25881 25880->25865 25886 7ff6cdb4f278 EnterCriticalSection 25881->25886 25888 7ff6cdb43f77 25887->25888 25889 7ff6cdb43f94 RtlPcToFileHeader 25887->25889 25888->25889 25890 7ff6cdb43fac 25889->25890 25891 7ff6cdb43fbb RaiseException 25889->25891 25890->25891 25891->25872 25892->25837 25893->25857 25894->25838 25895->25843 25896->25845 25898 7ff6cdb4d7f1 RtlRestoreThreadPreferredUILanguages 25897->25898 25900 7ff6cdb4d821 Concurrency::details::SchedulerProxy::DeleteThis 25897->25900 25899 7ff6cdb4d80c 25898->25899 25898->25900 25903 7ff6cdb4d57c 15 API calls _invalid_parameter_noinfo_noreturn 25899->25903 25900->25857 25902 7ff6cdb4d811 GetLastError 25902->25900 25903->25902 25904->25761 26670 7ff6cdb41fd0 26671 7ff6cdb41fe6 _com_error::_com_error 26670->26671 26672 7ff6cdb43f58 Concurrency::cancel_current_task 2 API calls 26671->26672 26673 7ff6cdb41ff7 26672->26673 26674 7ff6cdb417e0 _com_raise_error 14 API calls 26673->26674 26675 7ff6cdb42043 26674->26675 26682 7ff6cdb4bcd8 26683 7ff6cdb4bd48 26682->26683 26684 7ff6cdb4bcfe GetModuleHandleW 26682->26684 26699 7ff6cdb4f278 EnterCriticalSection 26683->26699 26684->26683 26692 7ff6cdb4bd0b 26684->26692 26692->26683 26700 7ff6cdb4be90 GetModuleHandleExW 26692->26700 26701 7ff6cdb4beba GetProcAddress 26700->26701 26702 7ff6cdb4bee1 26700->26702 26701->26702 26703 7ff6cdb4bed4 26701->26703 26704 7ff6cdb4beeb FreeLibrary 26702->26704 26705 7ff6cdb4bef1 26702->26705 26703->26702 26704->26705 26705->26683 28636 7ff6cdb410af 28637 7ff6cdb40fe2 28636->28637 28638 7ff6cdb417e0 _com_raise_error 14 API calls 28637->28638 28638->28637 25926 7ff6cdb42c4c 25951 7ff6cdb426dc 25926->25951 25929 7ff6cdb42d98 26050 7ff6cdb43050 7 API calls 2 library calls 25929->26050 25930 7ff6cdb42c68 __scrt_acquire_startup_lock 25932 
7ff6cdb42da2 25930->25932 25934 7ff6cdb42c86 25930->25934 26051 7ff6cdb43050 7 API calls 2 library calls 25932->26051 25935 7ff6cdb42cab 25934->25935 25939 7ff6cdb42cc8 __scrt_release_startup_lock 25934->25939 25959 7ff6cdb4cc70 25934->25959 25936 7ff6cdb42dad abort 25938 7ff6cdb42d31 25963 7ff6cdb4319c 25938->25963 25939->25938 26047 7ff6cdb4bf30 35 API calls __GSHandlerCheck_EH 25939->26047 25941 7ff6cdb42d36 25966 7ff6cdb4cc00 25941->25966 26052 7ff6cdb42e90 25951->26052 25954 7ff6cdb42707 25954->25929 25954->25930 25955 7ff6cdb4270b 26054 7ff6cdb4cb30 25955->26054 25960 7ff6cdb4cccb 25959->25960 25961 7ff6cdb4ccac 25959->25961 25960->25939 25961->25960 26071 7ff6cdb11120 25961->26071 26114 7ff6cdb43bd0 25963->26114 26116 7ff6cdb50610 25966->26116 25968 7ff6cdb42d3e 25971 7ff6cdb40634 25968->25971 25969 7ff6cdb4cc0f 25969->25968 26120 7ff6cdb509a0 35 API calls swprintf 25969->26120 26122 7ff6cdb2df3c 25971->26122 25975 7ff6cdb4067a 26209 7ff6cdb3934c 25975->26209 25977 7ff6cdb40684 memcpy_s 26214 7ff6cdb398f4 25977->26214 25979 7ff6cdb40cbc 25981 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 25979->25981 25980 7ff6cdb4084e GetCommandLineW 25982 7ff6cdb40a22 25980->25982 25983 7ff6cdb40860 25980->25983 25985 7ff6cdb40cc2 25981->25985 26224 7ff6cdb26464 25982->26224 26297 7ff6cdb1129c 25983->26297 25984 7ff6cdb406f9 25984->25979 25984->25980 25987 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 25985->25987 25989 7ff6cdb40cc8 25987->25989 25988 7ff6cdb40a31 25992 7ff6cdb11fa0 31 API calls 25988->25992 25997 7ff6cdb40a48 memcpy_s 25988->25997 26271 7ff6cdb417e0 25989->26271 25991 7ff6cdb40885 26307 7ff6cdb3c9b0 102 API calls 3 library calls 25991->26307 25992->25997 25993 7ff6cdb11fa0 31 API calls 25994 7ff6cdb40a73 SetEnvironmentVariableW GetLocalTime 25993->25994 26236 7ff6cdb23e38 25994->26236 25997->25993 26000 7ff6cdb4088f 26000->25985 26003 7ff6cdb408d9 OpenFileMappingW 26000->26003 26004 7ff6cdb409bb 26000->26004 26006 
7ff6cdb408f9 MapViewOfFile 26003->26006 26007 7ff6cdb409b0 CloseHandle 26003->26007 26011 7ff6cdb1129c 33 API calls 26004->26011 26006->26007 26009 7ff6cdb4091f UnmapViewOfFile MapViewOfFile 26006->26009 26007->25982 26009->26007 26012 7ff6cdb40951 26009->26012 26010 7ff6cdb40b55 26264 7ff6cdb36694 26010->26264 26015 7ff6cdb409e0 26011->26015 26308 7ff6cdb3a070 33 API calls 2 library calls 26012->26308 26312 7ff6cdb3fbec 35 API calls 2 library calls 26015->26312 26017 7ff6cdb40961 26309 7ff6cdb3fbec 35 API calls 2 library calls 26017->26309 26019 7ff6cdb409ea 26019->25982 26025 7ff6cdb40cb7 26019->26025 26021 7ff6cdb36694 33 API calls 26023 7ff6cdb40b67 DialogBoxParamW 26021->26023 26022 7ff6cdb40970 26310 7ff6cdb2b960 102 API calls 26022->26310 26030 7ff6cdb40bb3 26023->26030 26028 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 26025->26028 26026 7ff6cdb40985 26311 7ff6cdb2baac 102 API calls 26026->26311 26028->25979 26029 7ff6cdb40998 26034 7ff6cdb409a7 UnmapViewOfFile 26029->26034 26031 7ff6cdb40bc6 Sleep 26030->26031 26032 7ff6cdb40bcc 26030->26032 26031->26032 26033 7ff6cdb40bda 26032->26033 26313 7ff6cdb39e2c 49 API calls 2 library calls 26032->26313 26036 7ff6cdb40be6 DeleteObject 26033->26036 26034->26007 26037 7ff6cdb40bff DeleteObject 26036->26037 26038 7ff6cdb40c05 26036->26038 26037->26038 26039 7ff6cdb40c4d 26038->26039 26040 7ff6cdb40c3b 26038->26040 26267 7ff6cdb393c4 26039->26267 26314 7ff6cdb3fd04 PeekMessageW GetMessageW TranslateMessage DispatchMessageW WaitForSingleObject 26040->26314 26043 7ff6cdb40c40 CloseHandle 26043->26039 26047->25938 26050->25932 26051->25936 26053 7ff6cdb426fe __scrt_dllmain_crt_thread_attach 26052->26053 26053->25954 26053->25955 26055 7ff6cdb50c2c 26054->26055 26056 7ff6cdb42710 26055->26056 26059 7ff6cdb4eae0 26055->26059 26056->25954 26058 7ff6cdb45080 7 API calls 2 library calls 26056->26058 26058->25954 26070 7ff6cdb4f278 EnterCriticalSection 26059->26070 26076 7ff6cdb191c8 26071->26076 26075 
7ff6cdb428e1 26075->25961 26084 7ff6cdb256b4 26076->26084 26078 7ff6cdb191df 26087 7ff6cdb2b734 26078->26087 26082 7ff6cdb11130 26083 7ff6cdb4289c 34 API calls 26082->26083 26083->26075 26093 7ff6cdb256f8 26084->26093 26102 7ff6cdb113a4 26087->26102 26090 7ff6cdb19a28 26091 7ff6cdb256f8 2 API calls 26090->26091 26092 7ff6cdb19a36 26091->26092 26092->26082 26094 7ff6cdb2570e memcpy_s 26093->26094 26097 7ff6cdb2eb10 26094->26097 26100 7ff6cdb2eac4 GetCurrentProcess GetProcessAffinityMask 26097->26100 26101 7ff6cdb256ee 26100->26101 26101->26078 26103 7ff6cdb113ad 26102->26103 26111 7ff6cdb1142d 26102->26111 26104 7ff6cdb1143d 26103->26104 26108 7ff6cdb113ce 26103->26108 26113 7ff6cdb12018 33 API calls std::_Xinvalid_argument 26104->26113 26106 7ff6cdb113db memcpy_s 26112 7ff6cdb1197c 31 API calls _invalid_parameter_noinfo_noreturn 26106->26112 26108->26106 26109 7ff6cdb420b0 33 API calls 26108->26109 26109->26106 26111->26090 26112->26111 26115 7ff6cdb431b3 GetStartupInfoW 26114->26115 26115->25941 26117 7ff6cdb5061d 26116->26117 26118 7ff6cdb50629 26116->26118 26121 7ff6cdb50450 48 API calls 4 library calls 26117->26121 26118->25969 26120->25969 26121->26118 26315 7ff6cdb42330 26122->26315 26125 7ff6cdb2dfe7 26129 7ff6cdb2e46f 26125->26129 26348 7ff6cdb4b668 39 API calls _snwprintf 26125->26348 26126 7ff6cdb2df92 GetProcAddress 26127 7ff6cdb2dfa7 26126->26127 26128 7ff6cdb2dfbf GetProcAddress 26126->26128 26127->26128 26128->26125 26131 7ff6cdb2dfd4 26128->26131 26130 7ff6cdb26464 34 API calls 26129->26130 26133 7ff6cdb2e478 26130->26133 26131->26125 26317 7ff6cdb27da4 26133->26317 26134 7ff6cdb2e31c 26134->26129 26136 7ff6cdb2e326 26134->26136 26137 7ff6cdb26464 34 API calls 26136->26137 26138 7ff6cdb2e32f CreateFileW 26137->26138 26139 7ff6cdb2e45c CloseHandle 26138->26139 26140 7ff6cdb2e36f SetFilePointer 26138->26140 26143 7ff6cdb11fa0 31 API calls 26139->26143 26140->26139 26142 7ff6cdb2e388 ReadFile 26140->26142 26142->26139 26144 7ff6cdb2e3b0 26142->26144 
26143->26129 26145 7ff6cdb2e76c 26144->26145 26146 7ff6cdb2e3c4 26144->26146 26357 7ff6cdb42504 8 API calls 26145->26357 26151 7ff6cdb1129c 33 API calls 26146->26151 26148 7ff6cdb1129c 33 API calls 26164 7ff6cdb2e486 26148->26164 26149 7ff6cdb2e771 26150 7ff6cdb2e4aa CompareStringW 26150->26164 26157 7ff6cdb2e3fb 26151->26157 26153 7ff6cdb11fa0 31 API calls 26153->26164 26155 7ff6cdb2e72e 26159 7ff6cdb11fa0 31 API calls 26155->26159 26156 7ff6cdb2e5b4 26350 7ff6cdb27e60 47 API calls 26156->26350 26161 7ff6cdb2e447 26157->26161 26349 7ff6cdb2d04c 33 API calls 26157->26349 26163 7ff6cdb2e737 26159->26163 26165 7ff6cdb11fa0 31 API calls 26161->26165 26162 7ff6cdb2e5bd 26167 7ff6cdb251b4 9 API calls 26162->26167 26169 7ff6cdb11fa0 31 API calls 26163->26169 26164->26148 26164->26150 26164->26153 26172 7ff6cdb2e538 26164->26172 26325 7ff6cdb251b4 26164->26325 26330 7ff6cdb28040 26164->26330 26334 7ff6cdb232cc 26164->26334 26166 7ff6cdb2e451 26165->26166 26170 7ff6cdb11fa0 31 API calls 26166->26170 26171 7ff6cdb2e5c2 26167->26171 26168 7ff6cdb1129c 33 API calls 26168->26172 26173 7ff6cdb2e741 26169->26173 26170->26139 26174 7ff6cdb2e5cd 26171->26174 26175 7ff6cdb2e672 26171->26175 26172->26168 26176 7ff6cdb28040 47 API calls 26172->26176 26181 7ff6cdb11fa0 31 API calls 26172->26181 26185 7ff6cdb232cc 51 API calls 26172->26185 26190 7ff6cdb2e5a6 26172->26190 26177 7ff6cdb42200 _handle_error 8 API calls 26173->26177 26187 7ff6cdb2aa90 48 API calls 26174->26187 26178 7ff6cdb2da04 48 API calls 26175->26178 26176->26172 26179 7ff6cdb2e750 26177->26179 26180 7ff6cdb2e6b7 AllocConsole 26178->26180 26199 7ff6cdb262ec GetCurrentDirectoryW 26179->26199 26182 7ff6cdb2e667 26180->26182 26183 7ff6cdb2e6c1 GetCurrentProcessId AttachConsole 26180->26183 26181->26172 26186 7ff6cdb119e0 std::locale::global 31 API calls 26182->26186 26184 7ff6cdb2e6d8 26183->26184 26192 7ff6cdb2e6e4 GetStdHandle WriteConsoleW Sleep FreeConsole 26184->26192 26185->26172 26188 7ff6cdb2e725 ExitProcess 
26186->26188 26189 7ff6cdb2e611 26187->26189 26191 7ff6cdb2da04 48 API calls 26189->26191 26190->26155 26190->26156 26193 7ff6cdb2e62f 26191->26193 26192->26182 26194 7ff6cdb2aa90 48 API calls 26193->26194 26195 7ff6cdb2e63a 26194->26195 26351 7ff6cdb2db98 33 API calls 26195->26351 26197 7ff6cdb2e646 26352 7ff6cdb119e0 26197->26352 26200 7ff6cdb26310 26199->26200 26206 7ff6cdb2639d 26199->26206 26201 7ff6cdb113a4 33 API calls 26200->26201 26202 7ff6cdb2632b GetCurrentDirectoryW 26201->26202 26203 7ff6cdb26351 26202->26203 26458 7ff6cdb120b0 26203->26458 26205 7ff6cdb2635f 26205->26206 26207 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 26205->26207 26206->25975 26208 7ff6cdb263b9 26207->26208 26210 7ff6cdb2dcf4 26209->26210 26211 7ff6cdb39361 OleInitialize 26210->26211 26212 7ff6cdb39387 26211->26212 26213 7ff6cdb393ad SHGetMalloc 26212->26213 26213->25977 26215 7ff6cdb39929 26214->26215 26217 7ff6cdb3992e memcpy_s 26214->26217 26216 7ff6cdb11fa0 31 API calls 26215->26216 26216->26217 26218 7ff6cdb11fa0 31 API calls 26217->26218 26220 7ff6cdb3995d memcpy_s 26217->26220 26218->26220 26219 7ff6cdb11fa0 31 API calls 26221 7ff6cdb3998c memcpy_s 26219->26221 26220->26219 26220->26221 26222 7ff6cdb11fa0 31 API calls 26221->26222 26223 7ff6cdb399bb memcpy_s 26221->26223 26222->26223 26223->25984 26223->26223 26225 7ff6cdb113a4 33 API calls 26224->26225 26226 7ff6cdb26499 26225->26226 26227 7ff6cdb2649c GetModuleFileNameW 26226->26227 26229 7ff6cdb264ec 26226->26229 26228 7ff6cdb264ee 26227->26228 26230 7ff6cdb264b7 26227->26230 26228->26229 26231 7ff6cdb1129c 33 API calls 26229->26231 26230->26226 26233 7ff6cdb26516 26231->26233 26232 7ff6cdb2654e 26232->25988 26233->26232 26234 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 26233->26234 26235 7ff6cdb26570 26234->26235 26237 7ff6cdb23e5d _snwprintf 26236->26237 26238 7ff6cdb49dd0 swprintf 46 API calls 26237->26238 26239 7ff6cdb23e79 SetEnvironmentVariableW GetModuleHandleW LoadIconW 
26238->26239 26240 7ff6cdb3aef4 LoadBitmapW 26239->26240 26241 7ff6cdb3af1e 26240->26241 26245 7ff6cdb3af26 26240->26245 26463 7ff6cdb38504 FindResourceW 26241->26463 26243 7ff6cdb3af2e GetObjectW 26244 7ff6cdb3af43 26243->26244 26477 7ff6cdb3837c 26244->26477 26245->26243 26245->26244 26248 7ff6cdb3afae 26259 7ff6cdb2985c 26248->26259 26249 7ff6cdb3af7e 26482 7ff6cdb383e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 26249->26482 26250 7ff6cdb38504 10 API calls 26252 7ff6cdb3af6a 26250->26252 26252->26249 26254 7ff6cdb3af72 DeleteObject 26252->26254 26253 7ff6cdb3af87 26483 7ff6cdb383ac 26253->26483 26254->26249 26258 7ff6cdb3af9f DeleteObject 26258->26248 26490 7ff6cdb2988c 26259->26490 26261 7ff6cdb2986a 26557 7ff6cdb2a3ec GetModuleHandleW FindResourceW 26261->26557 26263 7ff6cdb29872 26263->26010 26265 7ff6cdb420b0 33 API calls 26264->26265 26266 7ff6cdb366da 26265->26266 26266->26021 26268 7ff6cdb393e1 26267->26268 26269 7ff6cdb393ea OleUninitialize 26268->26269 26270 7ff6cdb7e330 26269->26270 26639 7ff6cdb41438 26271->26639 26274 7ff6cdb4186b 26276 7ff6cdb41748 DloadReleaseSectionWriteAccess 6 API calls 26274->26276 26275 7ff6cdb41894 26278 7ff6cdb4191d LoadLibraryExA 26275->26278 26279 7ff6cdb41989 26275->26279 26281 7ff6cdb41a65 26275->26281 26286 7ff6cdb4199d 26275->26286 26277 7ff6cdb41878 RaiseException 26276->26277 26290 7ff6cdb40d14 26277->26290 26278->26279 26280 7ff6cdb41934 GetLastError 26278->26280 26285 7ff6cdb41994 FreeLibrary 26279->26285 26279->26286 26283 7ff6cdb41949 26280->26283 26284 7ff6cdb4195e 26280->26284 26647 7ff6cdb41748 26281->26647 26282 7ff6cdb419fb GetProcAddress 26282->26281 26289 7ff6cdb41a10 GetLastError 26282->26289 26283->26279 26283->26284 26288 7ff6cdb41748 DloadReleaseSectionWriteAccess 6 API calls 26284->26288 26285->26286 26286->26281 26286->26282 26291 7ff6cdb4196b RaiseException 26288->26291 26292 7ff6cdb41a25 26289->26292 26291->26290 26292->26281 26293 7ff6cdb41748 DloadReleaseSectionWriteAccess 6 API calls 
26292->26293 26294 7ff6cdb41a47 RaiseException 26293->26294 26295 7ff6cdb41438 _com_raise_error 6 API calls 26294->26295 26296 7ff6cdb41a61 26295->26296 26296->26281 26298 7ff6cdb1139b 26297->26298 26299 7ff6cdb112d0 26297->26299 26668 7ff6cdb12004 33 API calls std::_Xinvalid_argument 26298->26668 26302 7ff6cdb11396 26299->26302 26303 7ff6cdb11338 26299->26303 26306 7ff6cdb112de memcpy_s 26299->26306 26304 7ff6cdb11f80 Concurrency::cancel_current_task 33 API calls 26302->26304 26305 7ff6cdb420b0 33 API calls 26303->26305 26303->26306 26304->26298 26305->26306 26306->25991 26307->26000 26308->26017 26309->26022 26310->26026 26311->26029 26312->26019 26313->26033 26314->26043 26316 7ff6cdb2df60 GetModuleHandleW 26315->26316 26316->26125 26316->26126 26318 7ff6cdb27dbc 26317->26318 26319 7ff6cdb27dd3 26318->26319 26320 7ff6cdb27e05 26318->26320 26322 7ff6cdb1129c 33 API calls 26319->26322 26358 7ff6cdb1704c 47 API calls memcpy_s 26320->26358 26324 7ff6cdb27df7 26322->26324 26323 7ff6cdb27e0a 26324->26164 26326 7ff6cdb251d8 GetVersionExW 26325->26326 26327 7ff6cdb2520b 26325->26327 26326->26327 26328 7ff6cdb42200 _handle_error 8 API calls 26327->26328 26329 7ff6cdb25238 26328->26329 26329->26164 26331 7ff6cdb28055 26330->26331 26359 7ff6cdb28138 26331->26359 26333 7ff6cdb2807a 26333->26164 26335 7ff6cdb232f7 GetFileAttributesW 26334->26335 26336 7ff6cdb232f4 26334->26336 26337 7ff6cdb23308 26335->26337 26344 7ff6cdb23385 26335->26344 26336->26335 26368 7ff6cdb26a1c 26337->26368 26338 7ff6cdb42200 _handle_error 8 API calls 26340 7ff6cdb23399 26338->26340 26340->26164 26342 7ff6cdb2334c 26342->26344 26345 7ff6cdb233a9 26342->26345 26343 7ff6cdb23333 GetFileAttributesW 26343->26342 26344->26338 26346 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 26345->26346 26347 7ff6cdb233ae 26346->26347 26348->26134 26349->26157 26350->26162 26351->26197 26353 7ff6cdb11fa0 26352->26353 26354 7ff6cdb11fdc 26353->26354 26355 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 
31 API calls 26353->26355 26354->26182 26356 7ff6cdb12000 26355->26356 26357->26149 26358->26323 26360 7ff6cdb282d6 26359->26360 26363 7ff6cdb2816a 26359->26363 26367 7ff6cdb1704c 47 API calls memcpy_s 26360->26367 26362 7ff6cdb282db 26365 7ff6cdb28184 memcpy_s 26363->26365 26366 7ff6cdb258b4 33 API calls 2 library calls 26363->26366 26365->26333 26366->26365 26367->26362 26369 7ff6cdb26a5b 26368->26369 26390 7ff6cdb26a54 26368->26390 26371 7ff6cdb1129c 33 API calls 26369->26371 26370 7ff6cdb42200 _handle_error 8 API calls 26372 7ff6cdb2332f 26370->26372 26373 7ff6cdb26a86 26371->26373 26372->26342 26372->26343 26374 7ff6cdb26cd7 26373->26374 26375 7ff6cdb26aa6 26373->26375 26376 7ff6cdb262ec 35 API calls 26374->26376 26377 7ff6cdb26ac0 26375->26377 26401 7ff6cdb26b59 26375->26401 26381 7ff6cdb26cf6 26376->26381 26378 7ff6cdb270bb 26377->26378 26441 7ff6cdb1c0a8 33 API calls 2 library calls 26377->26441 26453 7ff6cdb12004 33 API calls std::_Xinvalid_argument 26378->26453 26380 7ff6cdb26eff 26384 7ff6cdb270df 26380->26384 26450 7ff6cdb1c0a8 33 API calls 2 library calls 26380->26450 26381->26380 26385 7ff6cdb26d2b 26381->26385 26387 7ff6cdb26b54 26381->26387 26382 7ff6cdb270c1 26393 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 26382->26393 26456 7ff6cdb12004 33 API calls std::_Xinvalid_argument 26384->26456 26392 7ff6cdb270cd 26385->26392 26444 7ff6cdb1c0a8 33 API calls 2 library calls 26385->26444 26386 7ff6cdb270e5 26394 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 26386->26394 26387->26382 26387->26386 26387->26390 26395 7ff6cdb270b6 26387->26395 26389 7ff6cdb26b13 26402 7ff6cdb11fa0 31 API calls 26389->26402 26408 7ff6cdb26b25 memcpy_s 26389->26408 26390->26370 26454 7ff6cdb12004 33 API calls std::_Xinvalid_argument 26392->26454 26399 7ff6cdb270c7 26393->26399 26400 7ff6cdb270eb 26394->26400 26406 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 26395->26406 26396 7ff6cdb26f66 26451 7ff6cdb111cc 33 API calls memcpy_s 
26396->26451 26410 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 26399->26410 26412 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 26400->26412 26401->26387 26407 7ff6cdb1129c 33 API calls 26401->26407 26402->26408 26404 7ff6cdb270d3 26415 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 26404->26415 26405 7ff6cdb11fa0 31 API calls 26405->26387 26406->26378 26413 7ff6cdb26bce 26407->26413 26408->26405 26409 7ff6cdb26f79 26452 7ff6cdb257bc 33 API calls memcpy_s 26409->26452 26410->26392 26411 7ff6cdb11fa0 31 API calls 26427 7ff6cdb26e05 26411->26427 26416 7ff6cdb270f1 26412->26416 26442 7ff6cdb25830 33 API calls 26413->26442 26418 7ff6cdb270d9 26415->26418 26455 7ff6cdb1704c 47 API calls memcpy_s 26418->26455 26419 7ff6cdb26d86 memcpy_s 26419->26404 26419->26411 26420 7ff6cdb26be3 26443 7ff6cdb1e11c 33 API calls 2 library calls 26420->26443 26421 7ff6cdb11fa0 31 API calls 26425 7ff6cdb26ffc 26421->26425 26424 7ff6cdb26f89 memcpy_s 26424->26400 26424->26421 26426 7ff6cdb11fa0 31 API calls 26425->26426 26430 7ff6cdb27006 26426->26430 26431 7ff6cdb26e31 26427->26431 26445 7ff6cdb11744 33 API calls 4 library calls 26427->26445 26429 7ff6cdb11fa0 31 API calls 26433 7ff6cdb26c7d 26429->26433 26434 7ff6cdb11fa0 31 API calls 26430->26434 26431->26418 26435 7ff6cdb1129c 33 API calls 26431->26435 26432 7ff6cdb26bf9 memcpy_s 26432->26399 26432->26429 26436 7ff6cdb11fa0 31 API calls 26433->26436 26434->26387 26437 7ff6cdb26ed2 26435->26437 26436->26387 26446 7ff6cdb12034 26437->26446 26439 7ff6cdb26eef 26440 7ff6cdb11fa0 31 API calls 26439->26440 26440->26387 26441->26389 26442->26420 26443->26432 26444->26419 26445->26431 26447 7ff6cdb12085 26446->26447 26449 7ff6cdb12059 memcpy_s 26446->26449 26457 7ff6cdb115b8 33 API calls 3 library calls 26447->26457 26449->26439 26450->26396 26451->26409 26452->26424 26455->26384 26457->26449 26459 7ff6cdb120f6 26458->26459 26461 7ff6cdb120cb memcpy_s 26458->26461 26462 7ff6cdb11474 33 API calls 3 
library calls 26459->26462 26461->26205 26462->26461 26464 7ff6cdb3852f SizeofResource 26463->26464 26465 7ff6cdb3867b 26463->26465 26464->26465 26466 7ff6cdb38549 LoadResource 26464->26466 26465->26245 26466->26465 26467 7ff6cdb38562 LockResource 26466->26467 26467->26465 26468 7ff6cdb38577 GlobalAlloc 26467->26468 26468->26465 26469 7ff6cdb38598 GlobalLock 26468->26469 26470 7ff6cdb38672 GlobalFree 26469->26470 26471 7ff6cdb385aa memcpy_s 26469->26471 26470->26465 26472 7ff6cdb38669 GlobalUnlock 26471->26472 26473 7ff6cdb385d6 GdipAlloc 26471->26473 26472->26470 26474 7ff6cdb385eb 26473->26474 26474->26472 26475 7ff6cdb3863a GdipCreateHBITMAPFromBitmap 26474->26475 26476 7ff6cdb38652 26474->26476 26475->26476 26476->26472 26478 7ff6cdb383ac 4 API calls 26477->26478 26479 7ff6cdb3838a 26478->26479 26480 7ff6cdb38399 26479->26480 26488 7ff6cdb383e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 26479->26488 26480->26248 26480->26249 26480->26250 26482->26253 26484 7ff6cdb383c3 26483->26484 26485 7ff6cdb383be 26483->26485 26487 7ff6cdb38cd4 16 API calls _handle_error 26484->26487 26489 7ff6cdb38470 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 26485->26489 26487->26258 26488->26480 26489->26484 26493 7ff6cdb298ae _snwprintf 26490->26493 26491 7ff6cdb29923 26608 7ff6cdb268c0 48 API calls 26491->26608 26493->26491 26494 7ff6cdb29a39 26493->26494 26496 7ff6cdb299ad 26494->26496 26498 7ff6cdb120b0 33 API calls 26494->26498 26495 7ff6cdb11fa0 31 API calls 26495->26496 26559 7ff6cdb224d0 26496->26559 26497 7ff6cdb2992d memcpy_s 26497->26495 26555 7ff6cdb2a3de 26497->26555 26498->26496 26499 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 26501 7ff6cdb2a3e4 26499->26501 26504 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 26501->26504 26503 7ff6cdb299d2 26507 7ff6cdb22058 100 API calls 26503->26507 26505 7ff6cdb2a3ea 26504->26505 26506 7ff6cdb29ac7 26577 7ff6cdb4a330 26506->26577 26509 7ff6cdb299db 26507->26509 26509->26501 26512 7ff6cdb29a16 
26509->26512 26511 7ff6cdb29a5d 26511->26506 26513 7ff6cdb28e08 33 API calls 26511->26513 26515 7ff6cdb42200 _handle_error 8 API calls 26512->26515 26513->26511 26514 7ff6cdb4a330 31 API calls 26527 7ff6cdb29b07 __vcrt_InitializeCriticalSectionEx 26514->26527 26516 7ff6cdb2a3be 26515->26516 26516->26261 26517 7ff6cdb29c39 26518 7ff6cdb22ab0 101 API calls 26517->26518 26531 7ff6cdb29d0c 26517->26531 26521 7ff6cdb29c51 26518->26521 26524 7ff6cdb228e0 104 API calls 26521->26524 26521->26531 26528 7ff6cdb29c79 26524->26528 26527->26517 26527->26531 26585 7ff6cdb22bc0 26527->26585 26594 7ff6cdb228e0 26527->26594 26599 7ff6cdb22ab0 26527->26599 26530 7ff6cdb29c87 __vcrt_InitializeCriticalSectionEx 26528->26530 26528->26531 26609 7ff6cdb30a90 MultiByteToWideChar 26528->26609 26530->26531 26532 7ff6cdb2a19c 26530->26532 26535 7ff6cdb2a107 26530->26535 26536 7ff6cdb2a0fb 26530->26536 26551 7ff6cdb2a3d9 26530->26551 26553 7ff6cdb30e3c WideCharToMultiByte 26530->26553 26610 7ff6cdb2aa38 45 API calls _snwprintf 26530->26610 26611 7ff6cdb4a150 31 API calls 2 library calls 26530->26611 26604 7ff6cdb22058 26531->26604 26534 7ff6cdb2a272 26532->26534 26615 7ff6cdb4ce70 31 API calls 2 library calls 26532->26615 26539 7ff6cdb2a352 26534->26539 26542 7ff6cdb28e08 33 API calls 26534->26542 26535->26532 26612 7ff6cdb4ce70 31 API calls 2 library calls 26535->26612 26536->26261 26541 7ff6cdb4a330 31 API calls 26539->26541 26540 7ff6cdb2a25e 26540->26534 26617 7ff6cdb28c80 33 API calls 2 library calls 26540->26617 26544 7ff6cdb2a37b 26541->26544 26542->26534 26548 7ff6cdb4a330 31 API calls 26544->26548 26546 7ff6cdb2a1f9 26616 7ff6cdb4b69c 31 API calls _invalid_parameter_noinfo_noreturn 26546->26616 26547 7ff6cdb2a11d 26613 7ff6cdb4b69c 31 API calls _invalid_parameter_noinfo_noreturn 26547->26613 26548->26531 26549 7ff6cdb2a188 26549->26532 26614 7ff6cdb28c80 33 API calls 2 library calls 26549->26614 26618 7ff6cdb42504 8 API calls 26551->26618 26553->26530 26555->26499 26558 7ff6cdb2a418 
26557->26558 26558->26263 26560 7ff6cdb2250d CreateFileW 26559->26560 26562 7ff6cdb225be GetLastError 26560->26562 26571 7ff6cdb2267e 26560->26571 26563 7ff6cdb26a1c 49 API calls 26562->26563 26564 7ff6cdb225ec 26563->26564 26565 7ff6cdb225f0 CreateFileW GetLastError 26564->26565 26572 7ff6cdb2263c 26564->26572 26565->26572 26566 7ff6cdb226c1 SetFileTime 26570 7ff6cdb226df 26566->26570 26567 7ff6cdb22718 26568 7ff6cdb42200 _handle_error 8 API calls 26567->26568 26569 7ff6cdb2272b 26568->26569 26569->26503 26569->26511 26570->26567 26573 7ff6cdb120b0 33 API calls 26570->26573 26571->26566 26571->26570 26572->26571 26574 7ff6cdb22746 26572->26574 26573->26567 26575 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 26574->26575 26576 7ff6cdb2274b 26575->26576 26578 7ff6cdb4a35d 26577->26578 26584 7ff6cdb4a372 26578->26584 26619 7ff6cdb4d57c 15 API calls _invalid_parameter_noinfo_noreturn 26578->26619 26580 7ff6cdb4a367 26620 7ff6cdb477c4 31 API calls _invalid_parameter_noinfo_noreturn 26580->26620 26581 7ff6cdb42200 _handle_error 8 API calls 26583 7ff6cdb29ae7 26581->26583 26583->26514 26584->26581 26586 7ff6cdb22bf9 26585->26586 26587 7ff6cdb22bdd 26585->26587 26588 7ff6cdb22c0b 26586->26588 26590 7ff6cdb22c11 SetFilePointer 26586->26590 26587->26588 26621 7ff6cdb1b9d4 99 API calls Concurrency::cancel_current_task 26587->26621 26588->26527 26590->26588 26591 7ff6cdb22c2e GetLastError 26590->26591 26591->26588 26592 7ff6cdb22c38 26591->26592 26592->26588 26622 7ff6cdb1b9d4 99 API calls Concurrency::cancel_current_task 26592->26622 26595 7ff6cdb22906 26594->26595 26596 7ff6cdb2290d 26594->26596 26595->26527 26596->26595 26598 7ff6cdb22330 GetStdHandle ReadFile GetLastError GetLastError GetFileType 26596->26598 26623 7ff6cdb1b8b4 99 API calls Concurrency::cancel_current_task 26596->26623 26598->26596 26624 7ff6cdb22788 26599->26624 26601 7ff6cdb22ad7 26601->26527 26605 7ff6cdb22072 26604->26605 26606 7ff6cdb2207e 26604->26606 26605->26606 26632 7ff6cdb220e0 
7ff6cdb228e0 104 API calls 27766->27794 27767 7ff6cdb13674 28051 7ff6cdb128a4 82 API calls 2 library calls 27767->28051 27768 7ff6cdb13431 memcpy_s 27775 7ff6cdb1344e 27768->27775 27779 7ff6cdb13601 27768->27779 27791 7ff6cdb22bc0 101 API calls 27768->27791 27770 7ff6cdb169f8 132 API calls 27772 7ff6cdb13682 27770->27772 27771 7ff6cdb134cc 27795 7ff6cdb228e0 104 API calls 27771->27795 27772->27770 27773 7ff6cdb1370c 27772->27773 27772->27779 27796 7ff6cdb22ab0 101 API calls 27772->27796 27778 7ff6cdb13740 27773->27778 27773->27779 28052 7ff6cdb128a4 82 API calls 2 library calls 27773->28052 27775->27767 27775->27772 27776 7ff6cdb135cb 27776->27775 27777 7ff6cdb135d7 27776->27777 27777->27779 27780 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 27777->27780 27778->27779 27782 7ff6cdb1384d 27778->27782 27797 7ff6cdb22bc0 101 API calls 27778->27797 27779->27695 27784 7ff6cdb13891 27780->27784 27781 7ff6cdb134eb 27781->27776 27792 7ff6cdb22ab0 101 API calls 27781->27792 27782->27779 27783 7ff6cdb120b0 33 API calls 27782->27783 27783->27779 27784->27695 27785 7ff6cdb135a7 27785->27776 27789 7ff6cdb228e0 104 API calls 27785->27789 27786 7ff6cdb169f8 132 API calls 27787 7ff6cdb1378e 27786->27787 27787->27786 27788 7ff6cdb13803 27787->27788 27790 7ff6cdb22ab0 101 API calls 27787->27790 27793 7ff6cdb22ab0 101 API calls 27788->27793 27789->27776 27790->27787 27791->27771 27792->27785 27793->27782 27794->27768 27795->27781 27796->27772 27797->27787 27799 7ff6cdb13af9 27798->27799 27800 7ff6cdb13b55 27798->27800 28053 7ff6cdb13378 27799->28053 27802 7ff6cdb42200 _handle_error 8 API calls 27800->27802 27804 7ff6cdb13b67 27802->27804 27804->27703 27804->27704 27805 7ff6cdb13b6c 27806 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 27805->27806 27807 7ff6cdb13b71 27806->27807 28280 7ff6cdb2881c 27808->28280 27810 7ff6cdb1f872 28284 7ff6cdb2eed0 GetSystemTime SystemTimeToFileTime 27810->28284 27813 7ff6cdb30868 27814 7ff6cdb40220 27813->27814 27815 
7ff6cdb27da4 47 API calls 27814->27815 27816 7ff6cdb40253 27815->27816 27817 7ff6cdb2aa90 48 API calls 27816->27817 27818 7ff6cdb40267 27817->27818 27819 7ff6cdb2da04 48 API calls 27818->27819 27820 7ff6cdb40277 27819->27820 27821 7ff6cdb11fa0 31 API calls 27820->27821 27822 7ff6cdb40282 27821->27822 28293 7ff6cdb3fb48 49 API calls 2 library calls 27822->28293 27824 7ff6cdb40298 27825 7ff6cdb11fa0 31 API calls 27824->27825 27826 7ff6cdb402a3 27825->27826 27827 7ff6cdb42200 _handle_error 8 API calls 27826->27827 27828 7ff6cdb402b0 27827->27828 27828->27711 27830 7ff6cdb16a0e 27829->27830 27834 7ff6cdb16a0a 27829->27834 27839 7ff6cdb22bc0 101 API calls 27830->27839 27831 7ff6cdb16a1b 27832 7ff6cdb16a3e 27831->27832 27833 7ff6cdb16a2f 27831->27833 28356 7ff6cdb15138 130 API calls 2 library calls 27832->28356 27833->27834 28294 7ff6cdb15e2c 27833->28294 27834->27711 27837 7ff6cdb16a3c 27837->27834 28357 7ff6cdb1466c 82 API calls 27837->28357 27839->27831 27841 7ff6cdb1f930 27840->27841 27844 7ff6cdb1f968 27841->27844 27852 7ff6cdb1f9ec 27841->27852 28472 7ff6cdb3600c 137 API calls 3 library calls 27841->28472 27843 7ff6cdb210e9 27846 7ff6cdb210ee 27843->27846 27847 7ff6cdb21141 27843->27847 27844->27843 27851 7ff6cdb1f988 27844->27851 27844->27852 27845 7ff6cdb42200 _handle_error 8 API calls 27848 7ff6cdb21124 27845->27848 27846->27852 28526 7ff6cdb1dcc0 179 API calls 27846->28526 27847->27852 28527 7ff6cdb3600c 137 API calls 3 library calls 27847->28527 27848->27711 27851->27852 28387 7ff6cdb19bb0 27851->28387 27852->27845 27854 7ff6cdb1fa8e 28400 7ff6cdb25f08 27854->28400 27858 7ff6cdb1fb16 27860 7ff6cdb1fb32 27858->27860 28474 7ff6cdb27c44 47 API calls 2 library calls 27858->28474 28013 7ff6cdb22ab0 101 API calls 27860->28013 27861 7ff6cdb1fb8f 27862 7ff6cdb1fc82 27861->27862 27863 7ff6cdb1fccf 27861->27863 27870 7ff6cdb120b0 33 API calls 27861->27870 27870->27862 28013->27861 28015 7ff6cdb12c88 28014->28015 28016 7ff6cdb12c74 28014->28016 28017 7ff6cdb11fa0 31 API 
calls 28015->28017 28016->28015 28628 7ff6cdb12d80 108 API calls _invalid_parameter_noinfo_noreturn 28016->28628 28022 7ff6cdb12ca1 28017->28022 28020 7ff6cdb12d08 28613 7ff6cdb13090 31 API calls _invalid_parameter_noinfo_noreturn 28020->28613 28021 7ff6cdb12d64 28024 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 28021->28024 28022->28021 28612 7ff6cdb13090 31 API calls _invalid_parameter_noinfo_noreturn 28022->28612 28026 7ff6cdb12d7c 28024->28026 28025 7ff6cdb12d14 28027 7ff6cdb11fa0 31 API calls 28025->28027 28028 7ff6cdb12d20 28027->28028 28614 7ff6cdb2873c 28028->28614 28034->27708 28035->27718 28037 7ff6cdb24d42 memcpy_s 28036->28037 28046 7ff6cdb24bbc 28037->28046 28039 7ff6cdb24d64 28040 7ff6cdb24da0 28039->28040 28042 7ff6cdb24dbe 28039->28042 28041 7ff6cdb42200 _handle_error 8 API calls 28040->28041 28043 7ff6cdb12b32 28041->28043 28044 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 28042->28044 28043->27692 28043->27761 28045 7ff6cdb24dc3 28044->28045 28047 7ff6cdb24c37 28046->28047 28049 7ff6cdb24c3f memcpy_s 28046->28049 28048 7ff6cdb11fa0 31 API calls 28047->28048 28048->28049 28049->28039 28050->27763 28051->27779 28052->27778 28054 7ff6cdb13396 28053->28054 28055 7ff6cdb1339a 28053->28055 28054->27800 28054->27805 28059 7ff6cdb13294 28055->28059 28058 7ff6cdb22ab0 101 API calls 28058->28054 28060 7ff6cdb132bb 28059->28060 28062 7ff6cdb132f6 28059->28062 28061 7ff6cdb169f8 132 API calls 28060->28061 28065 7ff6cdb132db 28061->28065 28067 7ff6cdb16e74 28062->28067 28065->28058 28071 7ff6cdb16e95 28067->28071 28068 7ff6cdb169f8 132 API calls 28068->28071 28069 7ff6cdb1331d 28069->28065 28072 7ff6cdb13904 28069->28072 28071->28068 28071->28069 28099 7ff6cdb2e774 28071->28099 28107 7ff6cdb16a7c 28072->28107 28075 7ff6cdb1396a 28078 7ff6cdb13989 28075->28078 28079 7ff6cdb1399a 28075->28079 28076 7ff6cdb13a8a 28080 7ff6cdb42200 _handle_error 8 API calls 28076->28080 28140 7ff6cdb30c28 33 API calls 28078->28140 28084 7ff6cdb139a3 
28079->28084 28085 7ff6cdb139ec 28079->28085 28083 7ff6cdb13a9e 28080->28083 28081 7ff6cdb13ab3 28086 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 28081->28086 28083->28065 28141 7ff6cdb30b54 33 API calls 28084->28141 28142 7ff6cdb126b4 33 API calls memcpy_s 28085->28142 28088 7ff6cdb13ab8 28086->28088 28094 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 28088->28094 28089 7ff6cdb139b0 28091 7ff6cdb11fa0 31 API calls 28089->28091 28096 7ff6cdb139c0 memcpy_s 28089->28096 28091->28096 28092 7ff6cdb11fa0 31 API calls 28098 7ff6cdb1394f 28092->28098 28093 7ff6cdb13a13 28143 7ff6cdb309bc 34 API calls _invalid_parameter_noinfo_noreturn 28093->28143 28095 7ff6cdb13abe 28094->28095 28096->28092 28098->28076 28098->28081 28098->28088 28100 7ff6cdb2e77d 28099->28100 28101 7ff6cdb2e797 28100->28101 28105 7ff6cdb1b674 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 28100->28105 28103 7ff6cdb2e7b1 SetThreadExecutionState 28101->28103 28106 7ff6cdb1b674 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 28101->28106 28105->28101 28106->28103 28108 7ff6cdb16a96 _snwprintf 28107->28108 28109 7ff6cdb16ac4 28108->28109 28112 7ff6cdb16ae4 28108->28112 28182 7ff6cdb128a4 82 API calls 2 library calls 28109->28182 28111 7ff6cdb16d4d 28211 7ff6cdb128a4 82 API calls 2 library calls 28111->28211 28112->28111 28116 7ff6cdb16b0f 28112->28116 28114 7ff6cdb16ad0 28115 7ff6cdb42200 _handle_error 8 API calls 28114->28115 28117 7ff6cdb1394b 28115->28117 28116->28114 28144 7ff6cdb31e74 28116->28144 28117->28075 28117->28098 28139 7ff6cdb12794 33 API calls __std_swap_ranges_trivially_swappable 28117->28139 28120 7ff6cdb16b85 28123 7ff6cdb16c2a 28120->28123 28138 7ff6cdb16b7b 28120->28138 28188 7ff6cdb28918 109 API calls 28120->28188 28121 7ff6cdb16b6e 28183 7ff6cdb128a4 82 API calls 2 library calls 28121->28183 28122 7ff6cdb16b80 28122->28120 28184 7ff6cdb140b0 28122->28184 28153 7ff6cdb24770 28123->28153 28129 7ff6cdb16c52 28130 
7ff6cdb16cc7 28129->28130 28131 7ff6cdb16cd1 28129->28131 28157 7ff6cdb216f4 28130->28157 28189 7ff6cdb31e00 28131->28189 28134 7ff6cdb16ccf 28209 7ff6cdb24710 8 API calls _handle_error 28134->28209 28136 7ff6cdb16cfd 28136->28138 28210 7ff6cdb1433c 82 API calls 2 library calls 28136->28210 28172 7ff6cdb31750 28138->28172 28139->28075 28140->28098 28141->28089 28142->28093 28143->28098 28145 7ff6cdb31f36 std::bad_alloc::bad_alloc 28144->28145 28148 7ff6cdb31ea5 std::bad_alloc::bad_alloc 28144->28148 28147 7ff6cdb43f58 Concurrency::cancel_current_task 2 API calls 28145->28147 28146 7ff6cdb16b59 28146->28120 28146->28121 28146->28122 28147->28148 28148->28146 28149 7ff6cdb43f58 Concurrency::cancel_current_task 2 API calls 28148->28149 28150 7ff6cdb31eef std::bad_alloc::bad_alloc 28148->28150 28149->28150 28150->28146 28151 7ff6cdb43f58 Concurrency::cancel_current_task 2 API calls 28150->28151 28152 7ff6cdb31f89 28151->28152 28154 7ff6cdb24790 28153->28154 28156 7ff6cdb2479a 28153->28156 28155 7ff6cdb420b0 33 API calls 28154->28155 28155->28156 28156->28129 28158 7ff6cdb2171e memcpy_s 28157->28158 28212 7ff6cdb289f8 28158->28212 28160 7ff6cdb217b6 28160->28134 28161 7ff6cdb21752 28163 7ff6cdb289f8 146 API calls 28161->28163 28164 7ff6cdb21790 28161->28164 28222 7ff6cdb28bfc 28161->28222 28163->28161 28164->28160 28165 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 28164->28165 28169 7ff6cdb217e2 28165->28169 28166 7ff6cdb21822 28169->28166 28173 7ff6cdb3176e 28172->28173 28175 7ff6cdb31781 28173->28175 28232 7ff6cdb2e8b4 28173->28232 28179 7ff6cdb317b8 28175->28179 28228 7ff6cdb4224c 28175->28228 28177 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 28178 7ff6cdb319b0 28177->28178 28181 7ff6cdb31917 28179->28181 28239 7ff6cdb2a934 31 API calls _invalid_parameter_noinfo_noreturn 28179->28239 28181->28177 28182->28114 28183->28138 28185 7ff6cdb140dd 28184->28185 28187 7ff6cdb140d7 memcpy_s 28184->28187 28185->28187 28240 7ff6cdb14120 
28185->28240 28187->28120 28188->28123 28190 7ff6cdb31e09 28189->28190 28191 7ff6cdb31e3d 28190->28191 28192 7ff6cdb31e35 28190->28192 28194 7ff6cdb31e29 28190->28194 28191->28134 28276 7ff6cdb33844 151 API calls 28192->28276 28246 7ff6cdb31f8c 28194->28246 28196 7ff6cdb289f8 146 API calls 28205 7ff6cdb34613 memcpy_s 28196->28205 28197 7ff6cdb349b7 28265 7ff6cdb33364 28197->28265 28205->28196 28205->28197 28250 7ff6cdb2e948 28205->28250 28256 7ff6cdb2ec48 28205->28256 28260 7ff6cdb32280 28205->28260 28277 7ff6cdb32990 146 API calls 28205->28277 28278 7ff6cdb34a78 146 API calls 28205->28278 28279 7ff6cdb352d0 151 API calls 28205->28279 28209->28136 28210->28138 28211->28114 28213 7ff6cdb28b7d 28212->28213 28218 7ff6cdb28a41 memcpy_s 28212->28218 28214 7ff6cdb28bca 28213->28214 28216 7ff6cdb1a174 8 API calls 28213->28216 28215 7ff6cdb2e774 SetThreadExecutionState RtlPcToFileHeader RaiseException 28214->28215 28219 7ff6cdb28bcf 28215->28219 28216->28214 28217 7ff6cdb3600c 137 API calls 28217->28218 28218->28213 28218->28217 28218->28219 28220 7ff6cdb24898 108 API calls 28218->28220 28221 7ff6cdb228e0 104 API calls 28218->28221 28219->28161 28220->28218 28221->28218 28223 7ff6cdb28c22 memcpy_s 28222->28223 28224 7ff6cdb28c3b 28222->28224 28226 7ff6cdb28c69 28223->28226 28227 7ff6cdb24898 108 API calls 28223->28227 28224->28223 28225 7ff6cdb22cf0 104 API calls 28224->28225 28225->28223 28227->28226 28229 7ff6cdb4227f 28228->28229 28230 7ff6cdb422a8 28229->28230 28231 7ff6cdb31750 108 API calls 28229->28231 28230->28179 28231->28229 28233 7ff6cdb2ec48 103 API calls 28232->28233 28234 7ff6cdb2e8cb ReleaseSemaphore 28233->28234 28235 7ff6cdb2e8f0 28234->28235 28236 7ff6cdb2e90f DeleteCriticalSection CloseHandle CloseHandle 28234->28236 28237 7ff6cdb2e9c8 101 API calls 28235->28237 28238 7ff6cdb2e8fa FindCloseChangeNotification 28237->28238 28238->28235 28238->28236 28239->28181 28243 7ff6cdb14149 28240->28243 28245 7ff6cdb14168 memcpy_s 
__std_swap_ranges_trivially_swappable 28240->28245 28241 7ff6cdb12018 33 API calls 28242 7ff6cdb141eb 28241->28242 28244 7ff6cdb420b0 33 API calls 28243->28244 28243->28245 28244->28245 28245->28241 28248 7ff6cdb31fa8 memcpy_s 28246->28248 28247 7ff6cdb3209a 28247->28205 28248->28247 28249 7ff6cdb1b76c 82 API calls 28248->28249 28249->28248 28251 7ff6cdb2e969 28250->28251 28252 7ff6cdb2e96e 28250->28252 28257 7ff6cdb2ec89 28256->28257 28258 7ff6cdb2ec5a ResetEvent ReleaseSemaphore 28256->28258 28257->28205 28259 7ff6cdb2e9c8 101 API calls 28258->28259 28259->28257 28261 7ff6cdb3296c 28260->28261 28264 7ff6cdb322b9 28260->28264 28261->28205 28262 7ff6cdb33364 113 API calls 28262->28264 28263 7ff6cdb31a34 113 API calls 28263->28264 28264->28261 28264->28262 28264->28263 28264->28264 28276->28191 28277->28205 28278->28205 28279->28205 28281 7ff6cdb28842 28280->28281 28282 7ff6cdb28832 28280->28282 28281->27810 28287 7ff6cdb22400 28282->28287 28285 7ff6cdb42200 _handle_error 8 API calls 28284->28285 28286 7ff6cdb1f794 28285->28286 28286->27711 28286->27813 28288 7ff6cdb2241f 28287->28288 28291 7ff6cdb22ab0 101 API calls 28288->28291 28289 7ff6cdb22438 28292 7ff6cdb22bc0 101 API calls 28289->28292 28290 7ff6cdb22448 28290->28281 28291->28289 28292->28290 28293->27824 28295 7ff6cdb15e6f 28294->28295 28358 7ff6cdb285a0 28295->28358 28297 7ff6cdb16134 28368 7ff6cdb16fcc 82 API calls 28297->28368 28299 7ff6cdb1613c 28300 7ff6cdb169af 28299->28300 28302 7ff6cdb169e4 28299->28302 28312 7ff6cdb169ef 28299->28312 28301 7ff6cdb42200 _handle_error 8 API calls 28300->28301 28304 7ff6cdb169c3 28301->28304 28305 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 28302->28305 28303 7ff6cdb16973 28381 7ff6cdb1466c 82 API calls 28303->28381 28304->27837 28308 7ff6cdb169e9 28305->28308 28307 7ff6cdb1612e 28307->28297 28307->28303 28309 7ff6cdb285a0 104 API calls 28307->28309 28310 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 28308->28310 28311 7ff6cdb161a4 
28309->28311 28310->28312 28311->28297 28315 7ff6cdb161ac 28311->28315 28313 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 28312->28313 28314 7ff6cdb169f5 28313->28314 28316 7ff6cdb1623f 28315->28316 28369 7ff6cdb1466c 82 API calls 28315->28369 28316->28303 28318 7ff6cdb16266 28316->28318 28321 7ff6cdb168b7 28318->28321 28322 7ff6cdb162ce 28318->28322 28324 7ff6cdb24d14 31 API calls 28321->28324 28323 7ff6cdb16481 28322->28323 28326 7ff6cdb162e0 28322->28326 28373 7ff6cdb24c84 33 API calls 28323->28373 28329 7ff6cdb168c6 28324->28329 28326->28299 28327 7ff6cdb14228 33 API calls 28326->28327 28340 7ff6cdb1638f 28326->28340 28328 7ff6cdb16360 28327->28328 28329->28299 28380 7ff6cdb14840 130 API calls 3 library calls 28329->28380 28356->27837 28359 7ff6cdb2864a 28358->28359 28360 7ff6cdb285c4 28358->28360 28361 7ff6cdb2862c 28359->28361 28362 7ff6cdb140b0 33 API calls 28359->28362 28360->28361 28363 7ff6cdb140b0 33 API calls 28360->28363 28361->28307 28364 7ff6cdb28663 28362->28364 28365 7ff6cdb285fd 28363->28365 28367 7ff6cdb228e0 104 API calls 28364->28367 28382 7ff6cdb1a174 28365->28382 28367->28361 28368->28299 28380->28299 28383 7ff6cdb1a185 28382->28383 28384 7ff6cdb1a19a 28383->28384 28386 7ff6cdb2aec4 8 API calls 2 library calls 28383->28386 28384->28361 28386->28384 28395 7ff6cdb19be7 28387->28395 28388 7ff6cdb19c1b 28389 7ff6cdb42200 _handle_error 8 API calls 28388->28389 28390 7ff6cdb19c9d 28389->28390 28390->27854 28392 7ff6cdb19c83 28394 7ff6cdb11fa0 31 API calls 28392->28394 28394->28388 28395->28388 28395->28392 28396 7ff6cdb19cae 28395->28396 28528 7ff6cdb252a4 28395->28528 28546 7ff6cdb2dacc 28395->28546 28397 7ff6cdb19cbf 28396->28397 28550 7ff6cdb2d9b4 CompareStringW 28396->28550 28397->28392 28399 7ff6cdb120b0 33 API calls 28397->28399 28399->28392 28413 7ff6cdb25f4a 28400->28413 28401 7ff6cdb261ab 28403 7ff6cdb42200 _handle_error 8 API calls 28401->28403 28402 7ff6cdb261de 28554 7ff6cdb1704c 47 API calls memcpy_s 28402->28554 28404 
7ff6cdb1fae1 28403->28404 28404->27860 28473 7ff6cdb27c44 47 API calls 2 library calls 28404->28473 28406 7ff6cdb1129c 33 API calls 28408 7ff6cdb26139 28406->28408 28407 7ff6cdb261e4 28409 7ff6cdb11fa0 31 API calls 28408->28409 28410 7ff6cdb2614b memcpy_s 28408->28410 28409->28410 28410->28401 28411 7ff6cdb261d9 28410->28411 28412 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 28411->28412 28412->28402 28413->28401 28413->28402 28413->28406 28472->27844 28473->27858 28474->27860 28526->27852 28527->27852 28529 7ff6cdb252e4 28528->28529 28533 7ff6cdb25322 __vcrt_InitializeCriticalSectionEx 28529->28533 28541 7ff6cdb25349 __vcrt_InitializeCriticalSectionEx 28529->28541 28551 7ff6cdb312c8 CompareStringW 28529->28551 28530 7ff6cdb42200 _handle_error 8 API calls 28531 7ff6cdb25513 28530->28531 28531->28395 28535 7ff6cdb25392 __vcrt_InitializeCriticalSectionEx 28533->28535 28533->28541 28552 7ff6cdb312c8 CompareStringW 28533->28552 28536 7ff6cdb25449 28535->28536 28537 7ff6cdb1129c 33 API calls 28535->28537 28535->28541 28540 7ff6cdb2552b 28536->28540 28542 7ff6cdb25499 28536->28542 28538 7ff6cdb25436 28537->28538 28539 7ff6cdb272dc 8 API calls 28538->28539 28539->28536 28544 7ff6cdb477e4 _invalid_parameter_noinfo_noreturn 31 API calls 28540->28544 28541->28530 28542->28541 28553 7ff6cdb312c8 CompareStringW 28542->28553 28545 7ff6cdb25530 28544->28545 28548 7ff6cdb2dadf 28546->28548 28547 7ff6cdb2dafd 28547->28395 28548->28547 28549 7ff6cdb120b0 33 API calls 28548->28549 28549->28547 28550->28397 28551->28533 28552->28535 28553->28541 28554->28407 28612->28020 28613->28025 28615 7ff6cdb2875f 28614->28615 28625 7ff6cdb2878f 28614->28625 28616 7ff6cdb4224c 108 API calls 28615->28616 28619 7ff6cdb2877a 28616->28619 28617 7ff6cdb4224c 108 API calls 28621 7ff6cdb287c4 28617->28621 28620 7ff6cdb4224c 108 API calls 28619->28620 28620->28625 28623 7ff6cdb4224c 108 API calls 28621->28623 28622 7ff6cdb287f5 28624 7ff6cdb2462c 108 API calls 28622->28624 28626 
7ff6cdb287db 28623->28626 28627 7ff6cdb28801 28624->28627 28625->28617 28625->28626 28629 7ff6cdb2462c 28626->28629 28628->28015 28630 7ff6cdb24642 28629->28630 28632 7ff6cdb2464a 28629->28632 28631 7ff6cdb2e8b4 108 API calls 28630->28631 28631->28632 28632->28622 28633->27346 28634->27353 28635->27355
Memory Dump Source
• Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
• Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
Similarity
• API ID: Item$_invalid_parameter_noinfo_noreturn$Message$DialogText$ButtonChecked$FileSend$ErrorLast$CloseFindFocusLoadStringView$CommandConcurrency::cancel_current_taskCountCreateDispatchEnableExecuteFirstHandleLineMappingParamShellSleepTickTranslateUnmapWindow
• String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxmappingfile.tmp
• API String ID: 3303814210-2702805183
• Opcode ID: fa1a1248da0eee8bb9c6b2c135254225a06a707859c16a46956c22940eca37a7
• Instruction ID: f79de55186e1a5706b622535b5e0528a6f5c5530a11a4d5004b7949dc32ae174
• Opcode Fuzzy Hash: fa1a1248da0eee8bb9c6b2c135254225a06a707859c16a46956c22940eca37a7
• Instruction Fuzzy Hash: 30D2B3E2B0878392EA20DF65E8952B96361EF87786F404135D9ED876A9FF3CE544C700
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
• Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
Similarity
• API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$ButtonCheckedFileMove$DialogItemPathTemp
• String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
• API String ID: 1830998149-3916287355
• Opcode ID: c3cc931237e6748134a2c1d62aa3536714c5ffe481b1857ace23a4c2cd176c5c
• Instruction ID: 23037e64ea5bec391c7fc5ff8eb0e33192e414e6a0024c933a5270def2e00781
• Opcode Fuzzy Hash: c3cc931237e6748134a2c1d62aa3536714c5ffe481b1857ace23a4c2cd176c5c
• Instruction Fuzzy Hash: 6B13B5B2B04B8296EB10DF74D8442EC27B1FB42799F500536DAAD97AD9EF38E585C340
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
• Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$EnvironmentHandleVariableView$_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDeleteDirectoryModuleObjectProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
                                                                                                                                                                                                          • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                                                                                                                          • API String ID: 1048086575-3710569615
                                                                                                                                                                                                          • Opcode ID: 3cf015b1185407393cba8033487ad466a5ea17343d08040d3a26a01d05833c23
                                                                                                                                                                                                          • Instruction ID: 65bdae8600be00989b5fe1671addd95a2c21077fbcc4e66a167b582537706f18
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3cf015b1185407393cba8033487ad466a5ea17343d08040d3a26a01d05833c23
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B31281A1B18B8292EB10DF25E8452B97361FF86796F404235DAED87AA5FF3CE144C740
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Rect$ItemText$ByteCharClientLongMetricsMultiSystemWideswprintf
                                                                                                                                                                                                          • String ID: $%s:$CAPTION
                                                                                                                                                                                                          • API String ID: 1936833115-404845831
                                                                                                                                                                                                          • Opcode ID: 0f97b10e63c7eacc13c9f1d203baf504c460b1b461996c53aa071e032e53dcc4
                                                                                                                                                                                                          • Instruction ID: 6b3ab989b8123fb8fb5aab37b3858031a4ff72f83d6de316ea2169b00e452b21
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f97b10e63c7eacc13c9f1d203baf504c460b1b461996c53aa071e032e53dcc4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78910972B1864287E718CF29E84466EB7A1FB85789F415435EE9D87B58EF3CE805CB00
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
                                                                                                                                                                                                          • String ID: PNG
                                                                                                                                                                                                          • API String ID: 541704414-364855578
                                                                                                                                                                                                          • Opcode ID: 964a3e4766442599f5b5b2c50d141baf56ab4eb83316e7091f8bf1c058c1ef4f
                                                                                                                                                                                                          • Instruction ID: efebff4afe13562f6f9f76eff569eb84b5a72a661888da1e633df8544b47daa4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 964a3e4766442599f5b5b2c50d141baf56ab4eb83316e7091f8bf1c058c1ef4f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F4122A5B09B0282EF458F26E454379A7A0AF8AB96F480435CDADC7764FF7CE445C701
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID: __tmp_reference_source_
                                                                                                                                                                                                          • API String ID: 3668304517-685763994
                                                                                                                                                                                                          • Opcode ID: 9a1b211498849438d2819252a024eb4c205f1e3dfa705b130dc22b6ddeb13dab
                                                                                                                                                                                                          • Instruction ID: fd8da596bbd9e32f03438255b70bbe6f1ec399bac6527ba05d1646957b6bcc9d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9a1b211498849438d2819252a024eb4c205f1e3dfa705b130dc22b6ddeb13dab
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6ED273A3B086C292EA64CF25E1443BEA7A1FB46785F404136DBED836A5EF3CE455C700
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID: CMT
                                                                                                                                                                                                          • API String ID: 3668304517-2756464174
                                                                                                                                                                                                          • Opcode ID: 79d77a20da0ffa754a228f6689685b26b03dda1bfeee1c1ffc7c389a44fcdb7f
                                                                                                                                                                                                          • Instruction ID: dd3945af33a579f89174bda994d4c69acc38e339c83417784bfec55f07ba5e3a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79d77a20da0ffa754a228f6689685b26b03dda1bfeee1c1ffc7c389a44fcdb7f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1E2EFA3B0868286EB18DF35D5542FEA7A1FB46789F400035DAAE87796EF3CE555C300
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 474548282-0
                                                                                                                                                                                                          • Opcode ID: 3701501b534fdf231aea3ed9899527aaf37a940aa259de45b57eb9610a1ccc33
                                                                                                                                                                                                          • Instruction ID: 2b06a62e6026351d9a504b917311c77daa6b50dbee9a8bafc2a82d320cb78d27
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3701501b534fdf231aea3ed9899527aaf37a940aa259de45b57eb9610a1ccc33
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F361C1E3B08A4281EA10DF25E445269A361FB967AAF505335EAFD83AD9EF3CD544C700
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: CMT
                                                                                                                                                                                                          • API String ID: 0-2756464174
                                                                                                                                                                                                          • Opcode ID: 832fad852de2a3bb5d079ecd498cb82d6a35d45a4a3c396cd13c740cf52f72cc
                                                                                                                                                                                                          • Instruction ID: 475c5e10b25a6f56e50cd21f99a03119d683276cdaa9ebf9cc6c36282851dd9d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 832fad852de2a3bb5d079ecd498cb82d6a35d45a4a3c396cd13c740cf52f72cc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3742DEA3B0868297EB18DF74C1502FD77A1EB56789F400136DBAE93696EF38E558C340
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 29ba9ee39043de2ed211329d99a14a036d35ebd86ecffaa38a0ab5fb2c373eee
                                                                                                                                                                                                          • Instruction ID: e67867dbef5cc3bd9cb4b682634964cabc98acdd52b471a58f9335dc66e4981b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 29ba9ee39043de2ed211329d99a14a036d35ebd86ecffaa38a0ab5fb2c373eee
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9E1E7A2B082828BEB64CF29A4442BDB791FB56749F054139DBEDC7785EE3CE541D700
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4adc5e5360e31c7bbfcf75934ae1acdc6dcec02cf26cf6597a20636be5d282a7
                                                                                                                                                                                                          • Instruction ID: 339dfb821a2c861847038006e77d64aea7c8358ed1869732031b1e72377ab574
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4adc5e5360e31c7bbfcf75934ae1acdc6dcec02cf26cf6597a20636be5d282a7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BFB1C0E2B087C592DE58CE669508AEA7391BB06FC5F888036DEAD4B741EF3CE155D300
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3340455307-0
                                                                                                                                                                                                          • Opcode ID: dfe7c3859ed454adfd115bd5e162aace49cc0573e9f009016389c648432cf77c
                                                                                                                                                                                                          • Instruction ID: fe9a3ed808999fa756ab8f7ce7cdab18616f27c4ac9cb290c06013e42844d9bb
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dfe7c3859ed454adfd115bd5e162aace49cc0573e9f009016389c648432cf77c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74415EA3B1465286FB68DF11E90877A6252FBD678DF044038DE9D87B54EE3CE446C704
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
                                                                                                                                                                                                          • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                                                                                                                                                                                          • API String ID: 1496594111-2013832382
                                                                                                                                                                                                          • Opcode ID: a97d0c65318b225b22df9e3453455be42fefb62485aae8da8dad92dbaea153c0
                                                                                                                                                                                                          • Instruction ID: 31c20f1d34a85508176398a2d327dd7870f775a40bac58072fa17e28c3881970
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a97d0c65318b225b22df9e3453455be42fefb62485aae8da8dad92dbaea153c0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD321876B09B8299EB219F60E8401E973A4FF4635AF500236DAED86765FF3CE255C340
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB28E08: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CDB28F3D
                                                                                                                                                                                                          • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF6CDB29F25
                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CDB2A3DF
                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CDB2A3E5
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB30A90: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6CDB30A18), ref: 00007FF6CDB30ABD
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
                                                                                                                                                                                                          • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                                                                                                                                                                          • API String ID: 3629253777-3268106645
                                                                                                                                                                                                          • Opcode ID: 66610e022f4de4060f360c73c1aa570acb7af1ed975cd0e7eaf94a8b3c384ca3
                                                                                                                                                                                                          • Instruction ID: 808a6c00a74bc6a41e895c20b7219879c3dccf3711a72a752a3ef04ed22f6f19
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66610e022f4de4060f360c73c1aa570acb7af1ed975cd0e7eaf94a8b3c384ca3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F62CDA3B18A8285EB10DF24C4882BE7365FB46799F804136DAAD876D5FF3CE645C340
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 1910 7ff6cdb417e0-7ff6cdb41869 call 7ff6cdb41438 1913 7ff6cdb4186b-7ff6cdb4188f call 7ff6cdb41748 RaiseException 1910->1913 1914 7ff6cdb41894-7ff6cdb418b1 1910->1914 1920 7ff6cdb41a98-7ff6cdb41ab5 1913->1920 1916 7ff6cdb418c6-7ff6cdb418ca 1914->1916 1917 7ff6cdb418b3-7ff6cdb418c4 1914->1917 1919 7ff6cdb418cd-7ff6cdb418d9 1916->1919 1917->1919 1921 7ff6cdb418db-7ff6cdb418ed 1919->1921 1922 7ff6cdb418fa-7ff6cdb418fd 1919->1922 1934 7ff6cdb41a69-7ff6cdb41a73 1921->1934 1935 7ff6cdb418f3 1921->1935 1923 7ff6cdb419a4-7ff6cdb419ab 1922->1923 1924 7ff6cdb41903-7ff6cdb41906 1922->1924 1926 7ff6cdb419ad-7ff6cdb419bc 1923->1926 1927 7ff6cdb419bf-7ff6cdb419c2 1923->1927 1928 7ff6cdb41908-7ff6cdb4191b 1924->1928 1929 7ff6cdb4191d-7ff6cdb41932 LoadLibraryExA 1924->1929 1926->1927 1930 7ff6cdb419c8-7ff6cdb419cc 1927->1930 1931 7ff6cdb41a65 1927->1931 1928->1929 1932 7ff6cdb41989-7ff6cdb41992 1928->1932 1929->1932 1933 7ff6cdb41934-7ff6cdb41947 GetLastError 1929->1933 1937 7ff6cdb419fb-7ff6cdb41a0e GetProcAddress 1930->1937 1938 7ff6cdb419ce-7ff6cdb419d2 1930->1938 1931->1934 1943 7ff6cdb4199d 1932->1943 1944 7ff6cdb41994-7ff6cdb41997 FreeLibrary 1932->1944 1939 7ff6cdb41949-7ff6cdb4195c 1933->1939 1940 7ff6cdb4195e-7ff6cdb41984 call 7ff6cdb41748 RaiseException 1933->1940 1941 7ff6cdb41a90 call 7ff6cdb41748 1934->1941 1942 7ff6cdb41a75-7ff6cdb41a86 1934->1942 1935->1922 1937->1931 1949 7ff6cdb41a10-7ff6cdb41a23 GetLastError 1937->1949 1938->1937 1946 7ff6cdb419d4-7ff6cdb419df 1938->1946 1939->1932 1939->1940 1940->1920 1952 7ff6cdb41a95 1941->1952 1942->1941 1943->1923 1944->1943 1946->1937 1950 7ff6cdb419e1-7ff6cdb419e8 1946->1950 1954 7ff6cdb41a3a-7ff6cdb41a61 call 7ff6cdb41748 RaiseException call 7ff6cdb41438 1949->1954 1955 7ff6cdb41a25-7ff6cdb41a38 
1949->1955 1950->1937 1956 7ff6cdb419ea-7ff6cdb419ef 1950->1956 1952->1920 1954->1931 1955->1931 1955->1954 1956->1937 1958 7ff6cdb419f1-7ff6cdb419f9 1956->1958 1958->1931 1958->1937
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
• Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
Similarity
• API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
• String ID: H
• API String ID: 3432403771-2852464175
• Opcode ID: d502b893622e318fe04c5d8657585a281d9fc288093b581db3e70e2b50933adb
• Instruction ID: ddfc6d8389cdb6064117f9518505dadd932e1aee565e796c2a8448b8c5243690
• Opcode Fuzzy Hash: d502b893622e318fe04c5d8657585a281d9fc288093b581db3e70e2b50933adb
• Instruction Fuzzy Hash: 4D916BA6F05B128AEB40CFA5D8446BC73A0BB09B8AF48453ADEAD57754FF38E445D300
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
• Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
Similarity
• API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_invalid_parameter_noinfo_noreturn
• String ID: .exe$.inf$Install$p
• API String ID: 1054546013-3607691742
• Opcode ID: 3cccbf155df5727a74089406123dfcd58e61338677e259a012e923e757bb25ff
• Instruction ID: fe8389302fce1c6460a3cd98f498dbd0f9a4fe5ac72b081a8bfb4aa70cad20b8
• Opcode Fuzzy Hash: 3cccbf155df5727a74089406123dfcd58e61338677e259a012e923e757bb25ff
• Instruction Fuzzy Hash: A9C16DA2F18A0296FB10DF65D95427D23B1AF8AB86F044035DAAD87BA5FF3CE455D300
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
• Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
Similarity
• API ID: ButtonChecked$Message$DialogDispatchItemPeekShowTranslateWindow
• String ID:
• API String ID: 4119318379-0
• Opcode ID: 253ab4858e17339d5a492e1b46975a376c44fb8caa76ba8f9d9796d39d916b50
• Instruction ID: 537ebfaab88e5ac070d77702454515439c10ad7ceb54d329b2cc8308bd1651bc
• Opcode Fuzzy Hash: 253ab4858e17339d5a492e1b46975a376c44fb8caa76ba8f9d9796d39d916b50
• Instruction Fuzzy Hash: F141F4B1B14A4297F700CF65E800FAE3360EB4AB99F451135EDAA8BB94DF3DE4498750
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
• Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
Similarity
• API ID: _invalid_parameter_noinfo_noreturn
• String ID:
• API String ID: 3668304517-0
• Opcode ID: f4bc2594cd83d321eef4cd27188afa95904b93077d80d968f10a3441a0a5ecc9
• Instruction ID: ef38d23407ddc4341aa46ac3032efdaf194f28d200713766890fa5c12f92ab31
• Opcode Fuzzy Hash: f4bc2594cd83d321eef4cd27188afa95904b93077d80d968f10a3441a0a5ecc9
• Instruction Fuzzy Hash: E31293A3F08B4185FB10DF65D4542AD23B1AB4A7A9F404236DEAC97AD9EF3CE585C340
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
• Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
Similarity
• API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
• String ID:
• API String ID: 3536497005-0
• Opcode ID: 936119dcdc61c3d09dfbc6f86898800bdce19a07f54fc53875a2b94303f46eb1
• Instruction ID: 79bac9a5631611c6d3952440815d15d1ba76b02ae3e612289c1592b02b755ab3
• Opcode Fuzzy Hash: 936119dcdc61c3d09dfbc6f86898800bdce19a07f54fc53875a2b94303f46eb1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0261B3A7B08A4185E7208F29E40436F77A1BB867ADF101324DEB983AD4EF3DD4948744
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: GlobalResource$Object$AllocBitmapDeleteGdipLoadLock$CreateFindFreeFromSizeofUnlock
                                                                                                                                                                                                          • String ID: ]
                                                                                                                                                                                                          • API String ID: 2347093688-3352871620
                                                                                                                                                                                                          • Opcode ID: 93dd44c7e59638a1d1511d61259afb9db2058f386a2987dea5d6c297b3409a84
                                                                                                                                                                                                          • Instruction ID: 7399b8392e21fdfc95b367991a8bbb725c1be6e3b641628f49c28c3db5d5f928
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93dd44c7e59638a1d1511d61259afb9db2058f386a2987dea5d6c297b3409a84
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B211E6E4F0D34243EA149F11D69427992A1AF8ABC6F180034E9ADC7B85FE3CE8049B00
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1266772231-0
                                                                                                                                                                                                          • Opcode ID: 1155e2eac5c0330a0f18bd67fb5c92651e4b7da5ee72aa3495f3e9d9fdcd90d7
                                                                                                                                                                                                          • Instruction ID: dcdd05c2d60c0f9448427e9fe0b5f1f471cd9ca52da8cdd7b36ad64b2473f262
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1155e2eac5c0330a0f18bd67fb5c92651e4b7da5ee72aa3495f3e9d9fdcd90d7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F1F0ECB5B38542A3FB609F21E896A762360FF91B06F815031F59E82C64EF2CD108DB10
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                                                                                                          • String ID: EDIT
                                                                                                                                                                                                          • API String ID: 4243998846-3080729518
                                                                                                                                                                                                          • Opcode ID: daca292fe889d401d4258fd3765b0861555302059037067f7f1d841c9f784690
                                                                                                                                                                                                          • Instruction ID: 5fb2527a85c7b21edc3b1b5005966b97d9d61501103104c3d1102d588a7dc3f2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: daca292fe889d401d4258fd3765b0861555302059037067f7f1d841c9f784690
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F00162E1B18A4792FE209F11EC553B66350AF9A746F880031C9ED9B654FE2CE1499710
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileWrite$Handle
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4209713984-0
                                                                                                                                                                                                          • Opcode ID: ec3a854fcc57202cc52d732db201fdd938a7748edcadd4f84268c0f117232e32
                                                                                                                                                                                                          • Instruction ID: 2ecb7c7e7a795d3058318bbf47345d15132117df32e6ebff63f3c7133d39ef17
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec3a854fcc57202cc52d732db201fdd938a7748edcadd4f84268c0f117232e32
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D55106A7B19A4252FA50DF25D40837B6360FF46796F440131EAADC6AA4FF7CE485C700
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$ItemText
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3750147219-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2359106489-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1452418845-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLast$FileHandleRead
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2244327787-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB2EC48: ResetEvent.KERNEL32 ref: 00007FF6CDB2EC61
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB2EC48: ReleaseSemaphore.KERNEL32 ref: 00007FF6CDB2EC77
                                                                                                                                                                                                          • ReleaseSemaphore.KERNEL32 ref: 00007FF6CDB2E8E0
                                                                                                                                                                                                          • FindCloseChangeNotification.KERNELBASE ref: 00007FF6CDB2E8FF
                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32 ref: 00007FF6CDB2E916
                                                                                                                                                                                                          • CloseHandle.KERNEL32 ref: 00007FF6CDB2E923
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB2E9C8: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF6CDB2E8CB,?,?,?,00007FF6CDB2464A,?,?,?), ref: 00007FF6CDB2E9CF
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB2E9C8: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF6CDB2E8CB,?,?,?,00007FF6CDB2464A,?,?,?), ref: 00007FF6CDB2E9DA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseReleaseSemaphore$ChangeCriticalDeleteErrorEventFindHandleLastNotificationObjectResetSectionSingleWait
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2143293610-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Thread$CreatePriority
                                                                                                                                                                                                          • String ID: CreateThread failed
                                                                                                                                                                                                          • API String ID: 2610526550-3849766595
                                                                                                                                                                                                          • Opcode ID: b809f1ae60c8875f32b5bcbb20d8f41751bc11c1317a13f6b24d05741c8ad7d5
                                                                                                                                                                                                          • Instruction ID: fbe0383b32bca8f838b2efb77d3083a6eb1dc894664541d9a9a72aef9c6196b2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b809f1ae60c8875f32b5bcbb20d8f41751bc11c1317a13f6b24d05741c8ad7d5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 331194B2B18A4292F700DF15E8451B97370FB9678AF544531E6ED82668FF3CE585C740
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DirectoryInitializeMallocSystem
                                                                                                                                                                                                          • String ID: riched20.dll
                                                                                                                                                                                                          • API String ID: 174490985-3360196438
                                                                                                                                                                                                          • Opcode ID: 5b2071be2b1dafc67132129f05112032e17bcfd74a08d7c7ef604375e8075561
                                                                                                                                                                                                          • Instruction ID: 9a3bacf9aebd3d0546bd7b4c28de7ab97cb68d4fcf9a18a45818c9346f313c55
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b2071be2b1dafc67132129f05112032e17bcfd74a08d7c7ef604375e8075561
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1AF062B1718A4292EB00DF20F8552AAB7A0FF89755F440135E9DD86B54EF7CE14DCB10
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB3841C: GlobalMemoryStatusEx.KERNEL32 ref: 00007FF6CDB3844C
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB2AA90: LoadStringW.USER32 ref: 00007FF6CDB2AB17
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB2AA90: LoadStringW.USER32 ref: 00007FF6CDB2AB30
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB11FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CDB11FFB
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB1129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CDB11396
                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CDB4009B
                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CDB400A1
                                                                                                                                                                                                          • SendDlgItemMessageW.USER32 ref: 00007FF6CDB400D2
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$LoadString$Concurrency::cancel_current_taskGlobalItemMemoryMessageSendStatus
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3106221260-0
                                                                                                                                                                                                          • Opcode ID: 9ebcb70c4461c46b65b2539b60ce7e6f4da769025c2a1ea5b79e80e31e37c1f9
                                                                                                                                                                                                          • Instruction ID: 89788e296d27a44753bd6a423c7f942a91e6d2a4f1ea49703b7004e47c5a349f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ebcb70c4461c46b65b2539b60ce7e6f4da769025c2a1ea5b79e80e31e37c1f9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C51B1A2F0564296FB10EFA1D4452FD2362AF86BC9F414136DAAD977D6FE2CE540C380
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFile$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2272807158-0
                                                                                                                                                                                                          • Opcode ID: d3124626a4378c333c49cbb96ed45c7905388a628c063955ee716b633a20b6b0
                                                                                                                                                                                                          • Instruction ID: bc0cfbc28f9af475559cb43f0db181a54055e2ef6f4a1de618ca672501a374ab
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d3124626a4378c333c49cbb96ed45c7905388a628c063955ee716b633a20b6b0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF41B3B3B04A8182EB108F15E44966A63A1FB46BB9F505734DBFD87AD5EF3CE491C600
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2176759853-0
                                                                                                                                                                                                          • Opcode ID: 87749474a89299ab25d86d739f35c4f3f9ae05bc047993a5a9aa9354af0e8750
                                                                                                                                                                                                          • Instruction ID: 99d89fc80db2d9ffb3d3936ed170f26653009bf4b804ce41d8f8821610f87c13
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87749474a89299ab25d86d739f35c4f3f9ae05bc047993a5a9aa9354af0e8750
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C2193A2B18B8181EA149F65B44016A7364FB8ABD1F145235EBEC43B95EF3CD180C740
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: std::bad_alloc::bad_alloc
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1875163511-0
                                                                                                                                                                                                          • Opcode ID: 4c84efd0a00d1c798189c990ace33d55e2c5e51d4e326bb4c8e4ffb822122b00
                                                                                                                                                                                                          • Instruction ID: e2e55540c24eb732021fb1e8db48ae051c2c5dfbad3b7e48c986220544ed78c5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c84efd0a00d1c798189c990ace33d55e2c5e51d4e326bb4c8e4ffb822122b00
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E317ED2F08A8692EB24DF14E4443BC63A4AB417C5F984432D6EC87AE6EF6CE5569301
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1203560049-0
                                                                                                                                                                                                          • Opcode ID: 09c1da968bb57d26b7efcbce64c8032bdfea7029a715582e76ae5880fe178d45
                                                                                                                                                                                                          • Instruction ID: b6d4f4ff2af990ecec3294d3d87829ef0530b99e97f39e533392b1c569ee053f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09c1da968bb57d26b7efcbce64c8032bdfea7029a715582e76ae5880fe178d45
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5121FB63B08A4181EA209F25E44426E7360FF8AB99F405235EAED82795FF3CD540C640
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3118131910-0
                                                                                                                                                                                                          • Opcode ID: 3e5a054dda678685d953116bf724def0cddc25b6d3140765cfe07ef2595d13cf
                                                                                                                                                                                                          • Instruction ID: 4f0e5fc595888308dc18a186ad8c0a23a91f26112f2c602bc6fcb6722a0a0f81
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e5a054dda678685d953116bf724def0cddc25b6d3140765cfe07ef2595d13cf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8021B663B18B8181EA148F25E45926E7360FF86B99F505234EAED82B99FF2CD541C600
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1203560049-0
                                                                                                                                                                                                          • Opcode ID: 1604c7ddd739069d4f8cf3d3f41905e88ad9e3ef0ba44aeeadaa27002a19151a
                                                                                                                                                                                                          • Instruction ID: 846c6865b3d51cf2c3c81c5d10f46e599ece7abf13a428ea144ff0334f16d420
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1604c7ddd739069d4f8cf3d3f41905e88ad9e3ef0ba44aeeadaa27002a19151a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E217773B1868181EA149F19E445129B361FF8A795F500735EAED837E5EF3CD541C600
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                          • Opcode ID: 0a2eda5d3e88f26141300154e6fecbf72f6183405112391574be9d7d4e2c3e95
                                                                                                                                                                                                          • Instruction ID: 4c56e373657a3fe5fdca0bee11990b6baf6ed4c6844d3131c1dcc9121a88da9d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a2eda5d3e88f26141300154e6fecbf72f6183405112391574be9d7d4e2c3e95
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02E04894B4430582EB44AF31D89137633525F8A743F004838DAEF87352FE3DE4084301
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3587649625-0
                                                                                                                                                                                                          • Opcode ID: 11b05a60c023c70aa501037ac0427ff50022e187128bfdfe1074b826fae88991
                                                                                                                                                                                                          • Instruction ID: d4d9cc02b85618f2ab4d09cf58cd43b2e13854ae8ed3941aa67672bde072fdf9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11b05a60c023c70aa501037ac0427ff50022e187128bfdfe1074b826fae88991
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B691A6B3B18B8194FB10DF64D4442AD63A1FB4A799F504236EAAC87AE9EF7CD545C300
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3668304517-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000002,?,00000F99,?,00007FF6CDB2275D), ref: 00007FF6CDB228B9
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF6CDB2275D), ref: 00007FF6CDB228C8
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2976181284-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Item_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1746051919-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$BuffersFlushTime
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1392018926-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LoadString
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2948472770-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2976181284-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
• Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Item$RectText$ClientWindowswprintf
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 402765569-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6CDB2EB19,?,?,?,?,00007FF6CDB25762,?,?,?,00007FF6CDB256EE), ref: 00007FF6CDB2EAC8
                                                                                                                                                                                                          • GetProcessAffinityMask.KERNEL32 ref: 00007FF6CDB2EADB
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$AffinityCurrentMask
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1231390398-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1173176844-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 588628887-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3668304517-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CompareString_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1017591355-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB2E8B4: ReleaseSemaphore.KERNEL32 ref: 00007FF6CDB2E8E0
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB2E8B4: FindCloseChangeNotification.KERNELBASE ref: 00007FF6CDB2E8FF
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB2E8B4: DeleteCriticalSection.KERNEL32 ref: 00007FF6CDB2E916
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB2E8B4: CloseHandle.KERNEL32 ref: 00007FF6CDB2E923
                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CDB319AB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Close$ChangeCriticalDeleteFindHandleNotificationReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1624603282-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3668304517-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFile_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2373759558-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1011579015-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3668304517-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
• Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3668304517-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3947729631-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 680105476-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3668304517-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB414E4: GetModuleHandleW.KERNEL32(?,?,?,00007FF6CDB41453,?,?,?,00007FF6CDB4180A), ref: 00007FF6CDB4150B
                                                                                                                                                                                                          • DloadProtectSection.DELAYIMP ref: 00007FF6CDB414A9
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DloadHandleModuleProtectSection
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2883838935-0
                                                                                                                                                                                                          • Opcode ID: 30aead04cd111ca808ad120ff150458f4e2f5f4057b01e6f9c0314f98d77e521
                                                                                                                                                                                                          • Instruction ID: ee2c3561d600f966dad01f1a521cd112f1b7a3e9985501dc64ae8aa73068d44d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30aead04cd111ca808ad120ff150458f4e2f5f4057b01e6f9c0314f98d77e521
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE11CCE4F0860792FB61DF55E8423706350AF0678AF150036C9FDC62A5FF3CA5959B20
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                          • Opcode ID: e45b4205e63e7225e81d8b155b4aa63996a4611e3abc014573c50bdbd896d072
                                                                                                                                                                                                          • Instruction ID: 07fa4e87cc50aef967dec8c721b9a7f0a5c82daa71816a2210335080c7cac221
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e45b4205e63e7225e81d8b155b4aa63996a4611e3abc014573c50bdbd896d072
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FFF06DD5F0A20751FE56DE6699453B962D05F5EB92F485430C9EEC73D1FE1CE4814220
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Find$FileFirst$CloseErrorLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1464966427-0
                                                                                                                                                                                                          • Opcode ID: b3b5d10abd9dd928a71f03b4f8beb2761cd6a866a34a94f189c3012c27a56145
                                                                                                                                                                                                          • Instruction ID: b4dc4af12f9b7197e88db33f078f7e42adb8b5d1c285af166dc7c79e6e75a5b3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3b5d10abd9dd928a71f03b4f8beb2761cd6a866a34a94f189c3012c27a56145
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2AF0F4A3B082C185EA14AF70A0481A933609F07BB9F181338EABD473D7DE28D485C701
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3668304517-0
                                                                                                                                                                                                          • Opcode ID: 0ef7cacdd4384e4836ec246951469c3c91253e445cc1fff22a2220a3cfb9f043
                                                                                                                                                                                                          • Instruction ID: d9a39d3290884616b6438b930ad69a8bf35647a3739e006e4965d85ee3dae88f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ef7cacdd4384e4836ec246951469c3c91253e445cc1fff22a2220a3cfb9f043
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5CF0BEA1B1068A80EE18DF69C08836C2362EB05B8AF504432D79C8B655EF6DD8C0C341
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindCloseChangeNotification.KERNELBASE(?,?,00000000,00007FF6CDB2208A), ref: 00007FF6CDB22106
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2591292051-0
                                                                                                                                                                                                          • Opcode ID: dc44c697aecda2a3651f5016d9d2e54d615b42984b8d71c5c966daabb4029cc0
                                                                                                                                                                                                          • Instruction ID: b45a758f8900ce6f9129c0191a568e703992e7f9b3e34b9a04a5f92408ba1850
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc44c697aecda2a3651f5016d9d2e54d615b42984b8d71c5c966daabb4029cc0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4AF08162B08A8295FB248F20E04667A2661EB16B7FF494335D7BCC11D4EF28D8958714
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                          • Opcode ID: 73a5323a310e52b210095381dd27d43cc9adff3e93408486b8786f310bee8c05
                                                                                                                                                                                                          • Instruction ID: 7ef6d98304792eac391ad29db6e2a8bade423061ff6c18a1728fe442e8ac11d4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 73a5323a310e52b210095381dd27d43cc9adff3e93408486b8786f310bee8c05
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FF0F8D1F0924645FEA4AEB25C512B522905F8ABA2F4D4634DDFEC62D1FE6CE4818120
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
Memory Dump Source
• Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
• Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 749574446-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileType
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3081899298-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1611563598-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$wcscpy$CloseFileHandle$CreateErrorLast$Concurrency::cancel_current_taskControlCurrentDeleteDeviceDirectoryProcessRemove
                                                                                                                                                                                                          • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                                                                                                          • API String ID: 2399786022-3508440684
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$ErrorLastLoadString$Concurrency::cancel_current_taskInit_thread_footer
                                                                                                                                                                                                          • String ID: %ls$%s: %s
                                                                                                                                                                                                          • API String ID: 2539828978-2259941744
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfomemcpy_s
                                                                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                          • API String ID: 1759834784-2761157908
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
                                                                                                                                                                                                          • String ID: rtmp
                                                                                                                                                                                                          • API String ID: 3587137053-870060881
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1693479884-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3140674995-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1239891234-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3668304517-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6CDB4F9A4
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB47814: GetCurrentProcess.KERNEL32(00007FF6CDB50BAD), ref: 00007FF6CDB47841
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: *?$.
                                                                                                                                                                                                          • API String ID: 2518042432-3972193922
                                                                                                                                                                                                          • Opcode ID: 81433c8fefd8e6f10c886e24c667c44bba965009ea4539efb51bfcf7e2f48757
                                                                                                                                                                                                          • Instruction ID: 1af734b5a685b72876dbd78147528101bb8be84efe048956523c6717395addd1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81433c8fefd8e6f10c886e24c667c44bba965009ea4539efb51bfcf7e2f48757
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E51F2A2B15B9585EB11DFA298104BC77E4FB4ABD9B448531DEAD97B85FE3CD042C300
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: memcpy_s
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1502251526-0
                                                                                                                                                                                                          • Opcode ID: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                                                                                                                                                                          • Instruction ID: 2cbe3432477b1d9c4813cef5d46926508c58b940f98eb42ff710c18b5f87550a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67D1C3B2B1968687DB34CF15E18466BB7A1FB89785F448134DB9E97B44EE3CE841CB00
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1365068426-0
                                                                                                                                                                                                          • Opcode ID: d54ba1604b47d5732b7315c53d2a433ca34a2d5dc9bbdb29158c846e93c7b95a
                                                                                                                                                                                                          • Instruction ID: 2fbeed8be468d829f4172d74965be2d1b686a25aa11d8808430202605b8dec6d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d54ba1604b47d5732b7315c53d2a433ca34a2d5dc9bbdb29158c846e93c7b95a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC01FFB570C74282E7509F62F85057AA3A1FB8BBC1F484138EAAD87B55EF3CE5058B44
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: .
                                                                                                                                                                                                          • API String ID: 0-248832578
                                                                                                                                                                                                          • Opcode ID: 47d9fd1d9cce68eea699c86ee5c3e40722a5ed7f15fb7068995ba4ba6c15603a
                                                                                                                                                                                                          • Instruction ID: 344435050838d3b4564808e3cd87aeb4279cc3ce9d334112fdf61d7d8790f84a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47d9fd1d9cce68eea699c86ee5c3e40722a5ed7f15fb7068995ba4ba6c15603a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86312D62B0469145FB21DF32E9147B97AD1AB4ABE5F048235DEBC87BC6EE3CD5018300
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 15204871-0
                                                                                                                                                                                                          • Opcode ID: e4c8747620ba2a31fb3fea2dbe59782e9a4c607827faab8e89e9801566228797
                                                                                                                                                                                                          • Instruction ID: 2b28eca415ae3f4e89918d7e2e5eadfe847d5f228e9a74cbbd9d76d43297309c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4c8747620ba2a31fb3fea2dbe59782e9a4c607827faab8e89e9801566228797
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50B15AB3614B898BEB15CF29C98636C3BE0F745B4AF148921DAAD877A4EF39D451C700
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ObjectRelease$CapsDevice
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1061551593-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FormatInfoLocaleNumber
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2169056816-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB224D0: CreateFileW.KERNELBASE ref: 00007FF6CDB225AB
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB224D0: GetLastError.KERNEL32 ref: 00007FF6CDB225BE
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB224D0: CreateFileW.KERNEL32 ref: 00007FF6CDB2261E
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB224D0: GetLastError.KERNEL32 ref: 00007FF6CDB22627
                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CDB21530
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB23990: MoveFileW.KERNEL32 ref: 00007FF6CDB239CD
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB23990: MoveFileW.KERNEL32 ref: 00007FF6CDB23A44
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$CreateErrorLastMove$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 34527147-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Version
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1889659487-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                          • API String ID: 3215553584-4108050209
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                          • API String ID: 3215553584-4108050209
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: gj
                                                                                                                                                                                                          • API String ID: 0-4203073231
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 54951025-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 190572456-0
                                                                                                                                                                                                          • Opcode ID: 1f8397556f6f92a2e09f1a582afcc670c272784be4ec6e57750e3ce663fd6117
                                                                                                                                                                                                          • Instruction ID: a29bedc303fda7f990af9f4e60583d4e4a1bbca9a021fdced46908285999c957
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f8397556f6f92a2e09f1a582afcc670c272784be4ec6e57750e3ce663fd6117
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B9111A3B1858196EB11CF29D8856FD2721FF96789F441031EF9E87649EE38E606C700
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1c05e9b79bc5288d15690930a77abbe716cd69192349639a8f01886128b60fdd
                                                                                                                                                                                                          • Instruction ID: 11bc4237ab93140a017ac82b9ca1f17b533ad90d6ede9ceeea52825b32e20c81
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c05e9b79bc5288d15690930a77abbe716cd69192349639a8f01886128b60fdd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6181F4A3B18A9195EB10DF22D8807EE7765FB86789F444031DE9D87B99FE38E506C700
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ccac6a6fc52c17975bdf01ed41956b978bcdf51773e7fee01f8e3267e678a629
                                                                                                                                                                                                          • Instruction ID: 25d9f0b5caf8718294ea26e885627b4f2f5183ac9f6d4c0428c3a85bedf9493e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ccac6a6fc52c17975bdf01ed41956b978bcdf51773e7fee01f8e3267e678a629
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A6148A3B181D249EB12CF7485144FE7FB1A71A789B454032CEEA9764AEE3CE106CB14
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b695de0b4fe126c4b04c6d9a805711d28f939e9936930a9992a4148e5cc8308d
                                                                                                                                                                                                          • Instruction ID: 3408c9c4dacf69900a99ae142ea7dd7158f9d550e25782d996f0841de47f49f2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b695de0b4fe126c4b04c6d9a805711d28f939e9936930a9992a4148e5cc8308d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 795114B3B189514BE7288F28D9147BE3762FB81B49F444135DBA987788EE3DE541DB00
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7096bb6435ece9bb217020c7fe681a7486c35baf94dae0ee83bcc8c8b4126687
                                                                                                                                                                                                          • Instruction ID: 05c3d060fc6babfefe0282d1ac265907f3bf08eb67d467db873b7d7b15e5ab78
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7096bb6435ece9bb217020c7fe681a7486c35baf94dae0ee83bcc8c8b4126687
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7131D2E2B089859BD718DE16955067EB7D0F756345F048039DB9AC3B41EE7CE056CB00
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6a4fac86f8f1a6b9d8c17b4c2881c5c96027003405599c7815143c772f625e0d
                                                                                                                                                                                                          • Instruction ID: a0abda42923c6c31b83a657013261f79eae73e49a4c1d3e8a1644034f1aa5868
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a4fac86f8f1a6b9d8c17b4c2881c5c96027003405599c7815143c772f625e0d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01F0D4E7F9C40742FB6C1C28A81D73910429B9631EF64883AD0FAC62C5FC9DA9816189
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 49c2694c4c45484a776a5ef4ba02f16acbb14a00dc2333e13b7e28313c480a2c
                                                                                                                                                                                                          • Instruction ID: 2a5a4081025bbadcfc14a0b82f8cc0ad87f783fd97980910ced1f480dc6bff58
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49c2694c4c45484a776a5ef4ba02f16acbb14a00dc2333e13b7e28313c480a2c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13A001A5A48842D0E6448F00E864420B320BB92302B444471E1AD812A4BE2CA5008200
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID: :$EFS:$LOGGED_UTILITY_STREAM$:$I30:$INDEX_ALLOCATION$:$TXF_DATA:$LOGGED_UTILITY_STREAM$::$ATTRIBUTE_LIST$::$BITMAP$::$DATA$::$EA$::$EA_INFORMATION$::$FILE_NAME$::$INDEX_ALLOCATION$::$INDEX_ROOT$::$LOGGED_UTILITY_STREAM$::$OBJECT_ID$::$REPARSE_POINT
                                                                                                                                                                                                          • API String ID: 3668304517-727060406
                                                                                                                                                                                                          • Opcode ID: 3d499ea49bf17450a4c7f7e9e99b639bc97c788ae1b9e7f0c51e60c16934483d
                                                                                                                                                                                                          • Instruction ID: 518ad85d497e99e9601ce3243619fa52cea79742be0ec7a8b227db30454257a3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d499ea49bf17450a4c7f7e9e99b639bc97c788ae1b9e7f0c51e60c16934483d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8341D6B6B05F45D9EB00CF65E8413A933B9EB49799F440236DAAC837A8FE38D155C384
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                                                          • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                          • API String ID: 2565136772-3242537097
                                                                                                                                                                                                          • Opcode ID: 6a26e05659341cc81e9cd7bb0af7be51fb7a0dfa131703d094c7fde62e66e3ed
                                                                                                                                                                                                          • Instruction ID: 52e5521ad55ec929ad0d0a603280e12f27d502364fc3a61be7ae166a3fc50fcd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a26e05659341cc81e9cd7bb0af7be51fb7a0dfa131703d094c7fde62e66e3ed
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B12139E8F19A0392FE55DF61E855679B3A0AF4A782F840034C9EEC27A0FE3DE4459314
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                                                                                          • String ID: DXGIDebug.dll$UNC$\\?\
                                                                                                                                                                                                          • API String ID: 4097890229-4048004291
                                                                                                                                                                                                          • Opcode ID: 45f5505ab1f5cde0e38075833752ceb88b49cbde0c886373c145553a0f95317d
                                                                                                                                                                                                          • Instruction ID: ba4186292253f1f8f984706614f3d941aa60e5138432d44fdf745b5f086f33e7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 45f5505ab1f5cde0e38075833752ceb88b49cbde0c886373c145553a0f95317d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C12B4A3B09B4280EB10DF65D4481AD6371EB42B99F504235DBAD87BEAEF3CD549C344
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskDialog
                                                                                                                                                                                                          • String ID: GETPASSWORD1$Software\WinRAR SFX
                                                                                                                                                                                                          • API String ID: 431506467-1315819833
                                                                                                                                                                                                          • Opcode ID: eb6541408e04b92f6055a624696a755113c91cabbe041a8dcccdbd640fd5f2c6
                                                                                                                                                                                                          • Instruction ID: f7e65257dad0c0daad17ea3b1c1c250d5ea4703608e6f93a351c641ff77178a2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb6541408e04b92f6055a624696a755113c91cabbe041a8dcccdbd640fd5f2c6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11B1C1A2F19B4296FB00DF64D4842BC3362AF46799F504235DAACA7AD9FE3CE155C340
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                                                                                                                                          • API String ID: 3215553584-2617248754
                                                                                                                                                                                                          • Opcode ID: 77ad88dfeb18cf37fe98ea626b4e60dfb349476b70b20baadc6c0d7550abaa52
                                                                                                                                                                                                          • Instruction ID: 99363a14f63e58ed14ff0e1abff29a678e999c2372abdd6bd42d8d8c2f2f1b80
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 77ad88dfeb18cf37fe98ea626b4e60dfb349476b70b20baadc6c0d7550abaa52
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0541BFB2B05B4589E705CF25E8417ED37A5EB0A398F404136EEAC83B58EE3CD025C344
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$ButtonCheckedObject$ClassDeleteLongName
                                                                                                                                                                                                          • String ID: STATIC
                                                                                                                                                                                                          • API String ID: 781704138-1882779555
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$AllocGlobal
                                                                                                                                                                                                          • String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                                                                                                                          • API String ID: 2721297748-1533471033
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Item$Text
                                                                                                                                                                                                          • String ID: LICENSEDLG
                                                                                                                                                                                                          • API String ID: 1601838975-2177901306
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc$CurrentDirectoryProcessSystem
                                                                                                                                                                                                          • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                                                                                                                                                                          • API String ID: 2915667086-2207617598
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID: $
                                                                                                                                                                                                          • API String ID: 3668304517-227171996
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                          • API String ID: 2940173790-393685449
                                                                                                                                                                                                          • Opcode ID: 00493aba26876e22a0c058797fcb2f8350e9957e1905243f87ce4940491e038b
                                                                                                                                                                                                          • Instruction ID: b018f418c54fa28681a908cba9e9661de1f077146eb3fc983a53d2d4e5c95eac
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 00493aba26876e22a0c058797fcb2f8350e9957e1905243f87ce4940491e038b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3E19DB3A08B828AE760DF28D5803AD77E0EB46759F144135DEAD97796EF38E481C700
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocClearStringVariant
                                                                                                                                                                                                          • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                                                                                                                                          • API String ID: 1959693985-3505469590
                                                                                                                                                                                                          • Opcode ID: eb3affe9549700a57cd0e6de4142855619e953e3a19f5c412c6105883a6025ad
                                                                                                                                                                                                          • Instruction ID: d6286d67f53dee69aab51a06d224d317d2f5b2c0a4cfda3db3bb35073fdc0224
                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb3affe9549700a57cd0e6de4142855619e953e3a19f5c412c6105883a6025ad
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA714AB6B14B0585EB20CF25E8905AD77B0FB89B99B041136EE9E87B64EF38D544C300
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF6CDB473D3,?,?,?,00007FF6CDB4513E,?,?,?,00007FF6CDB450F9), ref: 00007FF6CDB47251
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,00000000,00007FF6CDB473D3,?,?,?,00007FF6CDB4513E,?,?,?,00007FF6CDB450F9), ref: 00007FF6CDB4725F
                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF6CDB473D3,?,?,?,00007FF6CDB4513E,?,?,?,00007FF6CDB450F9), ref: 00007FF6CDB47289
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,00000000,00007FF6CDB473D3,?,?,?,00007FF6CDB4513E,?,?,?,00007FF6CDB450F9), ref: 00007FF6CDB472CF
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,00000000,00007FF6CDB473D3,?,?,?,00007FF6CDB4513E,?,?,?,00007FF6CDB450F9), ref: 00007FF6CDB472DB
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                          • API String ID: 2559590344-2084034818
                                                                                                                                                                                                          • Opcode ID: 4df90cf2703d265e089d489e86a26be228324eecb5904a81695c01ec3642baa2
                                                                                                                                                                                                          • Instruction ID: 15f818238e75237c4bed95e9eb54da44daae605ad6b4170c1e02299fe1b0577a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4df90cf2703d265e089d489e86a26be228324eecb5904a81695c01ec3642baa2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE31B2A1B1A64281EE11EF16A8006756394FF4BBA1F194535EDAD8B350FF3CE044CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(?,?,?,00007FF6CDB41453,?,?,?,00007FF6CDB4180A), ref: 00007FF6CDB4150B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF6CDB41453,?,?,?,00007FF6CDB4180A), ref: 00007FF6CDB41528
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF6CDB41453,?,?,?,00007FF6CDB4180A), ref: 00007FF6CDB41544
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                          • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                                                                                          • API String ID: 667068680-1718035505
                                                                                                                                                                                                          • Opcode ID: d1d93a9dcdc2cb5efd1991c7952d47fb0bb63b89991576fd6ee39d9729fbea1d
                                                                                                                                                                                                          • Instruction ID: 4b78fb2c7f88c54e57024ac3aacf2d5d71f348872a722489308de816a9579eab
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1d93a9dcdc2cb5efd1991c7952d47fb0bb63b89991576fd6ee39d9729fbea1d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA111BE4F19B0291FE65CF10E9412B462A16F0A7D6F495536C8FEC6754FE3CE4849320
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00007FF6CDB251B4: GetVersionExW.KERNEL32 ref: 00007FF6CDB251E5
                                                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6CDB15ABC), ref: 00007FF6CDB2ECFC
                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6CDB15ABC), ref: 00007FF6CDB2ED08
                                                                                                                                                                                                          • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6CDB15ABC), ref: 00007FF6CDB2ED18
                                                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6CDB15ABC), ref: 00007FF6CDB2ED26
                                                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6CDB15ABC), ref: 00007FF6CDB2ED34
                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6CDB15ABC), ref: 00007FF6CDB2ED75
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2092733347-0
                                                                                                                                                                                                          • Opcode ID: 10ffd27a1d0995ee2e88e313f1990b1d6389c8f138e56aee93b4f6506c4752f5
                                                                                                                                                                                                          • Instruction ID: aad7d7460878a66f45bd1533592b30251c72006e86b745935fe123b571a74678
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10ffd27a1d0995ee2e88e313f1990b1d6389c8f138e56aee93b4f6506c4752f5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E518CB2B106518BEB14CFBAD4451AC77B1F748B89B64403AEE5D97B58EF38E542C700
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2092733347-0
                                                                                                                                                                                                          • Opcode ID: 815f6f964df36b0098ae6083f908862c9538aad2c9db9e10fb847501d330df7b
                                                                                                                                                                                                          • Instruction ID: 68d0684d22f6845cb92cfae6a7e68a3f8397aa90ce4b921600232f4a9ecf1413
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 815f6f964df36b0098ae6083f908862c9538aad2c9db9e10fb847501d330df7b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 913137A6B10A51CEFB04CFB5E8811AC7770FB08759B54502AEE5EA7A58EF38D895C301
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID: .rar$exe$rar$sfx
                                                                                                                                                                                                          • API String ID: 3668304517-630704357
                                                                                                                                                                                                          • Opcode ID: 3591aa7f6208d0639e3ddd753617b5bd59cac7804775e7520afa3375969aa5d0
                                                                                                                                                                                                          • Instruction ID: d143960074f6a6bb75407f75ecd5b18662f4d5d27ac9cdf72f577bd11d94804d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3591aa7f6208d0639e3ddd753617b5bd59cac7804775e7520afa3375969aa5d0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77A1B2A7F04A4640EA00AF25D8592BC2361BF46BAAF504235DEBD876D9FF3CE545C384
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: abort$CallEncodePointerTranslator
                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                          • API String ID: 2889003569-2084237596
                                                                                                                                                                                                          • Opcode ID: 88090030e3e97ad46f4af9f464068a64c6ebcab78511bfe14db65436bf53bfce
                                                                                                                                                                                                          • Instruction ID: e75c3953be77aa45b58e69e16f365bb76232e04d08aa526275fa4c9df82af44b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 88090030e3e97ad46f4af9f464068a64c6ebcab78511bfe14db65436bf53bfce
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03918EB3B08B918AE710CF65E9402AD7BB0FB05789F144129EE9D97B59EF38D195C700
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                          • String ID: csm$f
                                                                                                                                                                                                          • API String ID: 2395640692-629598281
                                                                                                                                                                                                          • Opcode ID: 13b92defcfc250779d77d005163ae440afffe3cbe9b13642e80169b4fe78ec7a
                                                                                                                                                                                                          • Instruction ID: ff5faf485f1411752294129a551242b91422ffc90ef329777af54ebd3eb98894
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13b92defcfc250779d77d005163ae440afffe3cbe9b13642e80169b4fe78ec7a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0651D176F196028AEB14CF15E404A397795FB42B89F518138EEAE87788FF78E841C740
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLast_invalid_parameter_noinfo_noreturn$CloseCurrentHandleProcess
                                                                                                                                                                                                          • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                                                                                                                          • API String ID: 2102711378-639343689
                                                                                                                                                                                                          • Opcode ID: d0d67da842b53d88caa0fb31aad66ae310ec22e65d8544d4c8da3ae001d23120
                                                                                                                                                                                                          • Instruction ID: 23259fe786b139b8078d4641dd93d087d703600f77707536e2b8276de5c2e5ce
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0d67da842b53d88caa0fb31aad66ae310ec22e65d8544d4c8da3ae001d23120
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A751E0A2F1864296FB00DF65D8552BE27B1AF467A6F000139DEBD93696FE3CE485C200
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Show$Rect
                                                                                                                                                                                                          • String ID: RarHtmlClassName
                                                                                                                                                                                                          • API String ID: 2396740005-1658105358
                                                                                                                                                                                                          • Opcode ID: 346521eec488aea3dd98db297d9d00325930dfaab4f0cca47ace2342e5ac448a
                                                                                                                                                                                                          • Instruction ID: 8fadbc8797741a1e61a45b27ed631a78067acda1200d1230f87272f2fdff996d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 346521eec488aea3dd98db297d9d00325930dfaab4f0cca47ace2342e5ac448a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B5171A2B0878287EA249F25E45437AB3A0FF8A785F004435EEDE87B55EF3CE4458710
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID: sfxcmd$sfxpar
                                                                                                                                                                                                          • API String ID: 3540648995-3493335439
                                                                                                                                                                                                          • Opcode ID: dbcde95ab6725992720ca3b71e7206b4bc63de45d9fe7100070882d44839ee44
                                                                                                                                                                                                          • Instruction ID: d2da5d3d5a7afec5e7d9cf23fb288ff1ce48f418b3d5db1afcdea9f90538847c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dbcde95ab6725992720ca3b71e7206b4bc63de45d9fe7100070882d44839ee44
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D3194B2B14A0585FF04CF69D8841AC33B1FB4AB99F440131DEAD977A9EE38E085C344
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                                                                                                          • API String ID: 0-56093855
                                                                                                                                                                                                          • Opcode ID: 6b6936d8af85ed07d69075739862379e0c7e38109e360d5c84d26f77dfe1686f
                                                                                                                                                                                                          • Instruction ID: 06ff475cf39f463487cfbf74da979e779dad9330bb58433df6c88a9e3dd140d7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b6936d8af85ed07d69075739862379e0c7e38109e360d5c84d26f77dfe1686f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC2107E5B08B47A2FA109F5AE84857423A0EF4AB86F554036D9EDC7361FE3CE4899310
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                          • Opcode ID: 0ccc62a4b668c9744bf67573bebacabab741173be5aa4654eff986f512ea0f65
                                                                                                                                                                                                          • Instruction ID: ed32219e506e43cf57f5129a67835b27e874f6f610dfc392d0f63bef1a55ce43
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ccc62a4b668c9744bf67573bebacabab741173be5aa4654eff986f512ea0f65
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8DF062A5B19A4291EF44CF11F4402797360EF8DB92F441436EAAF86664FF3CE484C701
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          • Opcode ID: 906a413d4f951bb5daa4ab1a7393b71f920d6b37417606cc76959ffd00c7350e
                                                                                                                                                                                                          • Instruction ID: ddc488703010c7109e3431784161b0d7ea705e3cc367899c484dfeaa893ee65b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 906a413d4f951bb5daa4ab1a7393b71f920d6b37417606cc76959ffd00c7350e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA81F0A2F1860299F7209F65D8406BDB7A0BB46B8AF404139CEAE93795FF3CE441D710
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2398171386-0
                                                                                                                                                                                                          • Opcode ID: bbf8a6a1d963e036ce9f3ad4a27b3a79830c3b4cf1ffc0a6727f353e72a6fe12
                                                                                                                                                                                                          • Instruction ID: 343e75555c5bb4e8c05812a16b0ee963aad07b8628fc92b2748633fbde6fc8c4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bbf8a6a1d963e036ce9f3ad4a27b3a79830c3b4cf1ffc0a6727f353e72a6fe12
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1551AFA3B18B4249FB549F65E8482BD33B1AF4A7ADF044639DEAD86794FE38D0458300
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3659116390-0
                                                                                                                                                                                                          • Opcode ID: 6101d93f35efaf94d4ffef1e77f73be41993fc0ca8b2b471f15e64abfad4bc84
                                                                                                                                                                                                          • Instruction ID: 8225076d40a31eb9272c838b00d295faa48049ed248396b4e3bc2b26c45a011a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6101d93f35efaf94d4ffef1e77f73be41993fc0ca8b2b471f15e64abfad4bc84
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B751AFB6F14A5589E710CF65D4443AC7BB0FB46799F088135DEAA87B98EF38D145C700
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharMultiWide$AllocString
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 262959230-0
                                                                                                                                                                                                          • Opcode ID: 317e4e248690e5d91fe64e49538e69ee3e6a698b8574c230241ef5e73fc13709
                                                                                                                                                                                                          • Instruction ID: 5ef5b6e9fb26890d291a65c76a17f39207de0892755e561aa3e37790a0f84f61
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 317e4e248690e5d91fe64e49538e69ee3e6a698b8574c230241ef5e73fc13709
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B141C0A5F0864689EB14DF22D8003B96290EF0ABE6F544635EABDC77D5FE3CE1519300
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 190572456-0
                                                                                                                                                                                                          • Opcode ID: 8db8589391796ed88bbe5435f360038518681dd8c75e5d23eac09e8759673d6a
                                                                                                                                                                                                          • Instruction ID: 7a1bcb309a8dd1920e4a9975728ce582be403a4604dd3b12e8850e60d16a755e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8db8589391796ed88bbe5435f360038518681dd8c75e5d23eac09e8759673d6a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E641D4A2B09A4281FE17DF16982457962D5BF0ABD1F194535DEBECB788FE3CE4418300
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1156100317-0
                                                                                                                                                                                                          • Opcode ID: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
                                                                                                                                                                                                          • Instruction ID: a9f20b5bdc70fba6b7f87d7fcc2eea3aa20e6d71352814f05fe0213a93bc9760
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 521160F6F1868741FA651DA5E68637E20D16F5A3B3E484234E6FE8A5E6BE2CB4404300
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3621893840-0
                                                                                                                                                                                                          • Opcode ID: f3ee1a4d7667bfc3329b1c6b60f01b2bd3385d85cd62092d5101b818b94d2f82
                                                                                                                                                                                                          • Instruction ID: 7101ec9c4be7f1e53ecf5e110322028b7351b2e1a1a61f0b39ea2d00fb74aed1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3ee1a4d7667bfc3329b1c6b60f01b2bd3385d85cd62092d5101b818b94d2f82
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67F04FA1B2844793F7108F21E499A362351FFAA706F541030E59E86C94AF3CD149D710
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __except_validate_context_recordabort
                                                                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                                                                          • API String ID: 746414643-3733052814
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
• Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: $*
                                                                                                                                                                                                          • API String ID: 3215553584-3982473090
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharMultiWide$StringType
                                                                                                                                                                                                          • String ID: $%s
                                                                                                                                                                                                          • API String ID: 3586891840-3791308623
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFrameInfo__except_validate_context_recordabort
                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                          • API String ID: 2466640111-1018135373
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                          • API String ID: 2456169464-4171548499
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ObjectRelease
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1429681911-3916222277
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(?,?,?,00007FF6CDB3305F,?,?,00001000,00007FF6CDB1E4D5), ref: 00007FF6CDB2E827
                                                                                                                                                                                                          • CreateSemaphoreW.KERNEL32(?,?,?,00007FF6CDB3305F,?,?,00001000,00007FF6CDB1E4D5), ref: 00007FF6CDB2E837
                                                                                                                                                                                                          • CreateEventW.KERNEL32(?,?,?,00007FF6CDB3305F,?,?,00001000,00007FF6CDB1E4D5), ref: 00007FF6CDB2E850
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                                                                                                          • String ID: Thread pool initialization failed.
                                                                                                                                                                                                          • API String ID: 3340455307-2182114853
                                                                                                                                                                                                          • Opcode ID: 52fac21d231d2c480d1a8b9006b644d15e58b09438c2a4cb32a5e467e508583a
                                                                                                                                                                                                          • Instruction ID: 22f03b1fcdea08c2e17dd3465e54ae440a1ddd1420b0b617fe0e947d0eefb29f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52fac21d231d2c480d1a8b9006b644d15e58b09438c2a4cb32a5e467e508583a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC21E7B3B1564186F7408F25D0483BD32A1EB99B0EF188034CA9D8A295FF7ED445C790
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CapsDeviceRelease
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 127614599-3916222277
                                                                                                                                                                                                          • Opcode ID: 14cc15b763bc5c924532feb7c260d418e0d1f0070544accd59e29c3ee95e963e
                                                                                                                                                                                                          • Instruction ID: 6a680df1cb5059e04fa75d2225cf0bc67abeb26c4564f64b612591ae4117d004
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14cc15b763bc5c924532feb7c260d418e0d1f0070544accd59e29c3ee95e963e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76E0C260B0864293FB086FB6B58A03A2261EF4CBD1F168039FA6F87794EE3CC4C44310
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$FileTime
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1137671866-0
                                                                                                                                                                                                          • Opcode ID: 05accffe0705a617afa76a2def03445ee522539e958a6478a8d2aa2e05c55eea
                                                                                                                                                                                                          • Instruction ID: 48126b0dfd6a6005dc538477b0e716e648f36ddcf3319590e78a551518d8670b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05accffe0705a617afa76a2def03445ee522539e958a6478a8d2aa2e05c55eea
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6FA1C3A2B18A8281EE10DF25E8442BE6361FF86785F405135EAED87AD9FF3CE544C700
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1452528299-0
                                                                                                                                                                                                          • Opcode ID: 7c247595c32359b78815612379d1a90ffeafe352fecc5b783f5d4d00929ec120
                                                                                                                                                                                                          • Instruction ID: 4b51d20c7ff188ca4d766c35697fe2a1be74b680acbfe8dd1da4e29fcec9c1a0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c247595c32359b78815612379d1a90ffeafe352fecc5b783f5d4d00929ec120
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC5191B2B14A4299FB00DF65D4452FD2361EF86B9AF404236DAAC9779AFE28D244C344
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1077098981-0
                                                                                                                                                                                                          • Opcode ID: 86d36767b0cc527e88235088377ea717e8b20339b9d95eb3b4ada9a24dd54104
                                                                                                                                                                                                          • Instruction ID: 3492869f4e49eb7fa258595918516bdb5ea13536ad50e0a1a61e8f030bc67d0c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 86d36767b0cc527e88235088377ea717e8b20339b9d95eb3b4ada9a24dd54104
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC515F72718B4287EB408F22E4453AE73A4FB86B85F900139EA9E97B54EF3CD504CB40
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4141327611-0
                                                                                                                                                                                                          • Opcode ID: 82d03ac598dba5566f38ba3ef07ab1b6c4dd0050ecfbb41a39305acade8eeb31
                                                                                                                                                                                                          • Instruction ID: 9b2d6819be467809afbd58bbb8c28485bc4353e95d300f7c46efb8b64e46fa80
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 82d03ac598dba5566f38ba3ef07ab1b6c4dd0050ecfbb41a39305acade8eeb31
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D4181B2B0D64286FB65DF14904037966A0EF86BA2F148135DBED87AD9FE3CD8418700
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileMove_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3823481717-0
                                                                                                                                                                                                          • Opcode ID: 6242fedc446a94df65000cb55770fad86ef3df8a6d2fbd1c1d74b21590054829
                                                                                                                                                                                                          • Instruction ID: 682add6d9500418c457c4b96bfea51473a87f3c7ea51fc8421eb752081330e95
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6242fedc446a94df65000cb55770fad86ef3df8a6d2fbd1c1d74b21590054829
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4941BFA3F14B5284FB04DF75E8491AC3371BF46BA9B405239DEADA6B99EF78D041C200
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF6CDB4C33B), ref: 00007FF6CDB50A71
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF6CDB4C33B), ref: 00007FF6CDB50AD3
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF6CDB4C33B), ref: 00007FF6CDB50B0D
                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF6CDB4C33B), ref: 00007FF6CDB50B37
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1557788787-0
                                                                                                                                                                                                          • Opcode ID: 68d7ffff6da6bb5c30f515412ce5e96b1fa060087e9a7e21ee0192a4c2e09fbd
                                                                                                                                                                                                          • Instruction ID: fcf1a81e27b5e6522f00b2217d596366ae336b20a2a8f057937de02afa7a12fd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 68d7ffff6da6bb5c30f515412ce5e96b1fa060087e9a7e21ee0192a4c2e09fbd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA215171F18B5281EA609F12A441029B6A4FB59BD5B085235DEEEA3BA4FF3CE4528704
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLast$abort
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1447195878-0
                                                                                                                                                                                                          • Opcode ID: e5f34902ae44aa9bcef1dbed71889213d1179b49027ba2e2f6132b401c78f961
                                                                                                                                                                                                          • Instruction ID: a131457124113df61b6e8e826323cb1bfaa20ef280a9367af9e429f7231c2cba
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e5f34902ae44aa9bcef1dbed71889213d1179b49027ba2e2f6132b401c78f961
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62015AA4F0D60342FA59EF25A666ABD61A15F5A792F080539D9FEC77C6FE2CF8014200
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CapsDevice$Release
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1035833867-0
                                                                                                                                                                                                          • Opcode ID: 1f2ccc2ca8e2667e2053ff2e408bff2bb2b796922e999d64dde0a3f5810067ed
                                                                                                                                                                                                          • Instruction ID: 2943b53911a03cd158b886613ab587b926d1d40690f8a4db85f3b0038d7ab475
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f2ccc2ca8e2667e2053ff2e408bff2bb2b796922e999d64dde0a3f5810067ed
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3E0EDA0F0960293FF086F7168591352650AF4AB43F194439D8AFCA360FD3CE0858620
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                          • String ID: DXGIDebug.dll
                                                                                                                                                                                                          • API String ID: 3668304517-540382549
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: e+000$gfff
                                                                                                                                                                                                          • API String ID: 3215553584-3030954782
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$swprintf
                                                                                                                                                                                                          • String ID: SIZE
                                                                                                                                                                                                          • API String ID: 449872665-3243624926
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, xrefs: 00007FF6CDB4C1D9
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
                                                                                                                                                                                                          • API String ID: 3307058713-2267444296
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Item$Text$Dialog
                                                                                                                                                                                                          • String ID: ASKNEXTVOL
                                                                                                                                                                                                          • API String ID: 2638039312-3402441367
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharMultiWide_snwprintf
                                                                                                                                                                                                          • String ID: $%s$@%s
                                                                                                                                                                                                          • API String ID: 2650857296-834177443
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileHandleType
                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                          • API String ID: 3000768030-2766056989
                                                                                                                                                                                                          • Opcode ID: 8d8ea2d4e5909bed338133a5bd192c156cb8ff3d1b8b72df778ce2b2be1c1e51
                                                                                                                                                                                                          • Instruction ID: dc823184b93a565f5202960b26ab688f77d6d80856c6925212f54eabd95070d0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d8ea2d4e5909bed338133a5bd192c156cb8ff3d1b8b72df778ce2b2be1c1e51
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2921A2E2B09A8285EB64CF28D4901396651FB86775F285335E6FE877D4EE3CD881C341
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6CDB41C1E), ref: 00007FF6CDB43F9C
                                                                                                                                                                                                          • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6CDB41C1E), ref: 00007FF6CDB43FE2
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                          • API String ID: 2573137834-1018135373
                                                                                                                                                                                                          • Opcode ID: f0616bcadced5d2513a00ddc48c4db8134eaf896c9b096a64d0c4ff957e2c77c
                                                                                                                                                                                                          • Instruction ID: 22e2b4778724404128d8ead8c070996780ecbcce3773055417e4e18f96f961b8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f0616bcadced5d2513a00ddc48c4db8134eaf896c9b096a64d0c4ff957e2c77c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B116672A18B8182EB21CF15E440269B7A0FF99B85F184230EEDD47B68EF3CC951CB00
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF6CDB2E8CB,?,?,?,00007FF6CDB2464A,?,?,?), ref: 00007FF6CDB2E9CF
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF6CDB2E8CB,?,?,?,00007FF6CDB2464A,?,?,?), ref: 00007FF6CDB2E9DA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLastObjectSingleWait
                                                                                                                                                                                                          • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                                                                                                                          • API String ID: 1211598281-2248577382
                                                                                                                                                                                                          • Opcode ID: 0be3f9b4d8bd4fe87441163ba80d67581a7a6799d90b566deab43d0283165153
                                                                                                                                                                                                          • Instruction ID: 752cc86a8d0f928303600165333928aa97b141cae88499fa54d9129ed76273a8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0be3f9b4d8bd4fe87441163ba80d67581a7a6799d90b566deab43d0283165153
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53E0E5A2F1980292F600AB25DC4617872207F673A2F944331D0BEC11F5BF2CA9458310
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1667463112.00007FF6CDB11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CDB10000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667444468.00007FF6CDB10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB6B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667526712.00007FF6CDB74000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.1667568192.00007FF6CDB7E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6cdb10000_3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FindHandleModuleResource
                                                                                                                                                                                                          • String ID: RTL
                                                                                                                                                                                                          • API String ID: 3537982541-834975271
                                                                                                                                                                                                          • Opcode ID: 8bb87b8782bc4f719ee409d300cf3865ef3d2a8ccba331494b8c78a275f12365
                                                                                                                                                                                                          • Instruction ID: cb3233a51b12c33707536c4bd5edf63de7848f10c6bde0a175a9af770293150c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8bb87b8782bc4f719ee409d300cf3865ef3d2a8ccba331494b8c78a275f12365
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9D05ED5F1964282FF194F72E84A33526505F1EB43F484038C8AE8A390FF2CD184C750
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                          Execution Coverage:0.3%
                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                          Signature Coverage:25.6%
                                                                                                                                                                                                          Total number of Nodes:289
                                                                                                                                                                                                          Total number of Limit Nodes:22
__freebuf 61923->61972 61926 1203340a 61975 12035911 66 API calls __calloc_impl 61926->61975 61928 12033364 __RTC_Initialize 61937 12033374 GetCommandLineA 61928->61937 61954 12033368 61928->61954 61931 120333f4 61973 12036257 7 API calls __decode_pointer 61931->61973 61932 12033416 61932->61920 61976 120361a8 6 API calls __crt_waiting_on_module_handle 61932->61976 61964 12037a14 76 API calls 3 library calls 61937->61964 61940 12033384 61965 120352a9 71 API calls 2 library calls 61940->61965 61941 12033434 61943 12033452 61941->61943 61944 1203343b 61941->61944 61978 120359ab 66 API calls 7 library calls 61943->61978 61977 12036294 66 API calls 5 library calls 61944->61977 61945 1203338e 61948 12033392 61945->61948 61967 12037959 111 API calls 3 library calls 61945->61967 61966 12036257 7 API calls __decode_pointer 61948->61966 61950 12033442 GetCurrentThreadId 61950->61920 61951 1203336d 61951->61920 61953 1203339e 61955 120333b2 61953->61955 61968 120376e1 110 API calls 6 library calls 61953->61968 61963 12037bc7 VirtualFree HeapFree HeapFree HeapDestroy 61954->61963 61955->61951 61970 120354fd 67 API calls __freebuf 61955->61970 61958 120333a7 61958->61955 61969 12035bc7 74 API calls 5 library calls 61958->61969 61961 12033353 61960->61961 61961->61920 61961->61922 61962->61928 61963->61951 61964->61940 61965->61945 61967->61953 61968->61958 61969->61955 61970->61948 61971->61923 61972->61931 61974->61926 61975->61932 61976->61941 61977->61950 61978->61951 61979->61920

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(ADVAPI32.DLL,6C7ED52C), ref: 1106C6D5
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 1106C6DF
                                                                                                                                                                                                          • LoadLibraryA.KERNELBASE(NETAPI32.DLL), ref: 1106C6EB
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,NetStatisticsGet), ref: 1106C70E
                                                                                                                                                                                                          • GetProcAddress.KERNELBASE(00000000,NetApiBufferFree), ref: 1106C719
                                                                                                                                                                                                          • RAND_add.LIBEAY32(?,000000D8), ref: 1106C760
                                                                                                                                                                                                          • RAND_add.LIBEAY32(?,00000044), ref: 1106C79E
                                                                                                                                                                                                          • FreeLibrary.KERNELBASE(00000000), ref: 1106C7B2
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,CryptAcquireContextW), ref: 1106C7C7
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,CryptGenRandom), ref: 1106C7D2
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,CryptReleaseContext), ref: 1106C7DD
                                                                                                                                                                                                          • RAND_add.LIBEAY32(?,00000040), ref: 1106C844
                                                                                                                                                                                                          • Heap32First.KERNEL32(?,?,?), ref: 1106CB8F
                                                                                                                                                                                                          • RAND_add.LIBEAY32(?,?), ref: 1106CBC2
                                                                                                                                                                                                          • Heap32Next.KERNEL32(?), ref: 1106CBD1
                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 1106CBDE
                                                                                                                                                                                                          • Heap32ListNext.KERNEL32(?,?), ref: 1106CC20
                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 1106CC2D
                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 1106CC57
                                                                                                                                                                                                          • Process32First.KERNEL32(?,?), ref: 1106CC68
                                                                                                                                                                                                          • RAND_add.LIBEAY32(?,?), ref: 1106CC96
                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 1106CCB5
                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 1106CCD7
                                                                                                                                                                                                          • RAND_add.LIBEAY32(?,?), ref: 1106CD19
                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 1106CD39
                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 1106CD54
                                                                                                                                                                                                          • RAND_add.LIBEAY32(?,00000040), ref: 1106C8A1
                                                                                                                                                                                                            • Part of subcall function 1106C290: ENGINE_get_default_RAND.LIBEAY32(00000000,11039409,?,00000008), ref: 1106C29A
                                                                                                                                                                                                            • Part of subcall function 1106C290: TS_TST_INFO_get_nonce.LIBEAY32(00000000,00000000,11039409,?,00000008), ref: 1106C2A6
                                                                                                                                                                                                            • Part of subcall function 1106C290: ENGINE_finish.LIBEAY32(00000000,00000008), ref: 1106C2B8
                                                                                                                                                                                                            • Part of subcall function 1106C290: RAND_SSLeay.LIBEAY32(00000000,11039409,?,00000008), ref: 1106C2C0
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 1106C8C3
                                                                                                                                                                                                          • GetVersion.KERNEL32 ref: 1106C8C9
                                                                                                                                                                                                          • OPENSSL_isservice.LIBEAY32 ref: 1106C8D6
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(USER32.DLL), ref: 1106C8E8
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetForegroundWindow), ref: 1106C8FE
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetCursorInfo), ref: 1106C909
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetQueueStatus), ref: 1106C914
                                                                                                                                                                                                          • RAND_add.LIBEAY32(?,00000004), ref: 1106C93A
                                                                                                                                                                                                          • GetVersion.KERNEL32 ref: 1106C948
                                                                                                                                                                                                          • GetVersion.KERNEL32 ref: 1106C955
                                                                                                                                                                                                          • RAND_add.LIBEAY32(?,?), ref: 1106C992
                                                                                                                                                                                                          • RAND_add.LIBEAY32(?,00000004), ref: 1106C9C0
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 1106C9C9
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 1106C9E4
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CloseToolhelp32Snapshot), ref: 1106C9EE
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 1106C9F9
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 1106CA04
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 1106CA0F
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 1106CA1A
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32First), ref: 1106CA25
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 1106CA30
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 1106CA3B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 1106CA46
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32First), ref: 1106CA51
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 1106CA5C
                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 1106CAD0
                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 1106CAF8
                                                                                                                                                                                                          • Heap32ListFirst.KERNEL32(?,?), ref: 1106CB09
                                                                                                                                                                                                          • RAND_add.LIBEAY32(?,?), ref: 1106CB3B
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1775673433.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
• Associated: 00000005.00000002.1775651683.0000000011000000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1776824610.00000000110EA000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1777212631.0000000011140000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1777241361.0000000011142000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1777273017.0000000011145000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1777313937.000000001114B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_11000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc$D_add$CountTick$Library$Heap32Load$FirstFreeVersion$ListNext$CreateE_finishE_get_default_L_isserviceLeayO_get_nonceProcess32SnapshotToolhelp32
                                                                                                                                                                                                          • String ID: ADVAPI32.DLL$CloseToolhelp32Snapshot$CreateToolhelp32Snapshot$CryptAcquireContextW$CryptGenRandom$CryptReleaseContext$GetCursorInfo$GetForegroundWindow$GetQueueStatus$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Intel Hardware Cryptographic Service Provider$KERNEL32.DLL$LanmanServer$LanmanWorkstation$Module32First$Module32Next$NETAPI32.DLL$NetApiBufferFree$NetStatisticsGet$Process32First$Process32Next$Thread32First$Thread32Next$USER32.DLL
                                                                                                                                                                                                          • API String ID: 3196546149-2556708411
                                                                                                                                                                                                          • Opcode ID: e3327effe1f5b2ba4b67e000f706f2fbadeac98b4e4da4298eb7c2a19fa64854
                                                                                                                                                                                                          • Instruction ID: 10a006a5607e0d550d81875a8ab9047309df8414474868ce463227d917f8a542
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e3327effe1f5b2ba4b67e000f706f2fbadeac98b4e4da4298eb7c2a19fa64854
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 58322871D0021AEBEB10EFE5CE85BEEBBB8FF08704F00455AE519E6280DB759944CB61
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 501 11002690-1100269c 502 110026a6-110026a7 call 110d57ee 501->502 503 1100269e-110026a3 501->503 504 110026ad-110026b8 502->504 503->502 506 110026c3 504->506 507 110026ba-110026c0 504->507 507->506
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1775673433.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1775651683.0000000011000000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1776824610.00000000110EA000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777212631.0000000011140000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777241361.0000000011142000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777273017.0000000011145000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777313937.000000001114B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_11000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bfefd2b9e16b7a881cd250c4d70c7b59d63382c890754df551f5f8380428b221
                                                                                                                                                                                                          • Instruction ID: 8350dbce866fad38a17a7c687df15374a8df1a5ee9a01a80c45016c01f5f9c5f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bfefd2b9e16b7a881cd250c4d70c7b59d63382c890754df551f5f8380428b221
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FBE0C230A4022167F9019654DC81FD63AC82F04BA5F080060F914E3280D798E29286B6
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __lock.LIBCMT ref: 110D580C
                                                                                                                                                                                                            • Part of subcall function 110DF2F5: __mtinitlocknum.LIBCMT ref: 110DF30B
                                                                                                                                                                                                            • Part of subcall function 110DF2F5: __amsg_exit.LIBCMT ref: 110DF317
                                                                                                                                                                                                            • Part of subcall function 110DF2F5: EnterCriticalSection.KERNEL32(-0000000F,-0000000F,?,110E57B3,00000004,11123660,0000000C,110DFC57,000000FF,00000000,00000000,00000000,00000000,?,110DD9D0,00000001), ref: 110DF31F
                                                                                                                                                                                                          • ___sbh_find_block.LIBCMT ref: 110D5817
                                                                                                                                                                                                          • ___sbh_free_block.LIBCMT ref: 110D5826
                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000,000000FF,11123020,0000000C,110DF2D6,00000000,11123418,0000000C,110DF310,000000FF,-0000000F,?,110E57B3,00000004,11123660,0000000C), ref: 110D5856
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,110E57B3,00000004,11123660,0000000C,110DFC57,000000FF,00000000,00000000,00000000,00000000,?,110DD9D0,00000001,00000214), ref: 110D5867
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1775673433.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1775651683.0000000011000000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1776824610.00000000110EA000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777212631.0000000011140000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777241361.0000000011142000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777273017.0000000011145000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777313937.000000001114B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_11000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2714421763-0
                                                                                                                                                                                                          • Opcode ID: 5744958208ca1ac439fda2841ed7bef3125d2a74257cb5450ff4dc5b0423a131
                                                                                                                                                                                                          • Instruction ID: f2934fa887a2f5b92d4dad34fa244d5c29d8b91115a05218f3b5124a81aaa94c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5744958208ca1ac439fda2841ed7bef3125d2a74257cb5450ff4dc5b0423a131
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F101A235D06317EBDF21DF728C0AB4D7EB5AF08768F208168E814BA084DB36E1808B55
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 176 12037b97-12037bb9 HeapCreate 177 12037bbb-12037bbc 176->177 178 12037bbd-12037bc6 176->178
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,12033353,00000001,?,?,?,120334CC,?,?,?,12048C20,0000000C,12033587), ref: 12037BAC
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 10892065-0
                                                                                                                                                                                                          • Opcode ID: 8fac217aa9f652e8f54ec70a04afeef6d63efe9694f6380ccd52bae7a97805df
                                                                                                                                                                                                          • Instruction ID: d350fafc95f1c94b9f63ab010e44d7dd19ab866b47b7ae0c0406e77e65b2a184
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8fac217aa9f652e8f54ec70a04afeef6d63efe9694f6380ccd52bae7a97805df
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1D05E765953999EEB019E756848BA63BECA384395F004E75F81CC6140E674D5409A50
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 173 110e006e-110e0090 HeapCreate 174 110e0094-110e009d 173->174 175 110e0092-110e0093 173->175
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,110DB089,?), ref: 110E0083
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1775673433.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1775651683.0000000011000000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1776824610.00000000110EA000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777212631.0000000011140000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777241361.0000000011142000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777273017.0000000011145000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777313937.000000001114B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_11000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 10892065-0
                                                                                                                                                                                                          • Opcode ID: bd4e453b01535edf120120e6e356e70a1ed62b97cbcbb1e21416d31b3b5b92cd
                                                                                                                                                                                                          • Instruction ID: 008941fb269a23ccf09a13ed0fca1b748723d80f21f7a7662bf1493f44b99112
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd4e453b01535edf120120e6e356e70a1ed62b97cbcbb1e21416d31b3b5b92cd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8ED05E32A50359AFDB119E725848B227BDDD388A99F048476F91CC6584F779C580CB00
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EVP_get_cipherbyname.LIBEAY32(DES-CBC,1202EFCD), ref: 12028325
                                                                                                                                                                                                          • EVP_get_cipherbyname.LIBEAY32(DES-EDE3-CBC,DES-CBC,1202EFCD), ref: 12028334
                                                                                                                                                                                                          • EVP_get_cipherbyname.LIBEAY32(RC4,DES-EDE3-CBC,DES-CBC,1202EFCD), ref: 12028343
                                                                                                                                                                                                          • EVP_get_cipherbyname.LIBEAY32(RC2-CBC,RC4,DES-EDE3-CBC,DES-CBC,1202EFCD), ref: 12028352
                                                                                                                                                                                                          • EVP_get_cipherbyname.LIBEAY32(IDEA-CBC,RC2-CBC,RC4,DES-EDE3-CBC,DES-CBC,1202EFCD), ref: 12028361
                                                                                                                                                                                                          • EVP_get_cipherbyname.LIBEAY32(AES-128-CBC,IDEA-CBC,RC2-CBC,RC4,DES-EDE3-CBC,DES-CBC,1202EFCD), ref: 12028370
                                                                                                                                                                                                          • EVP_get_cipherbyname.LIBEAY32(AES-256-CBC,AES-128-CBC,IDEA-CBC,RC2-CBC,RC4,DES-EDE3-CBC,DES-CBC,1202EFCD), ref: 1202837F
                                                                                                                                                                                                          • EVP_get_cipherbyname.LIBEAY32(CAMELLIA-128-CBC,AES-256-CBC,AES-128-CBC,IDEA-CBC,RC2-CBC,RC4,DES-EDE3-CBC,DES-CBC,1202EFCD), ref: 1202838E
                                                                                                                                                                                                          • EVP_get_cipherbyname.LIBEAY32(CAMELLIA-256-CBC,CAMELLIA-128-CBC,AES-256-CBC,AES-128-CBC,IDEA-CBC,RC2-CBC,RC4,DES-EDE3-CBC,DES-CBC,1202EFCD), ref: 1202839D
                                                                                                                                                                                                          • EVP_get_cipherbyname.LIBEAY32(gost89-cnt,CAMELLIA-256-CBC,CAMELLIA-128-CBC,AES-256-CBC,AES-128-CBC,IDEA-CBC,RC2-CBC,RC4,DES-EDE3-CBC,DES-CBC,1202EFCD), ref: 120283AC
                                                                                                                                                                                                          • EVP_get_cipherbyname.LIBEAY32(SEED-CBC,gost89-cnt,CAMELLIA-256-CBC,CAMELLIA-128-CBC,AES-256-CBC,AES-128-CBC,IDEA-CBC,RC2-CBC,RC4,DES-EDE3-CBC,DES-CBC,1202EFCD), ref: 120283BB
                                                                                                                                                                                                          • EVP_get_cipherbyname.LIBEAY32(id-aes128-GCM,SEED-CBC,gost89-cnt,CAMELLIA-256-CBC,CAMELLIA-128-CBC,AES-256-CBC,AES-128-CBC,IDEA-CBC,RC2-CBC,RC4,DES-EDE3-CBC,DES-CBC,1202EFCD), ref: 120283CA
                                                                                                                                                                                                          • EVP_get_cipherbyname.LIBEAY32(id-aes256-GCM,id-aes128-GCM,SEED-CBC,gost89-cnt,CAMELLIA-256-CBC,CAMELLIA-128-CBC,AES-256-CBC,AES-128-CBC,IDEA-CBC,RC2-CBC,RC4,DES-EDE3-CBC,DES-CBC,1202EFCD), ref: 120283D9
                                                                                                                                                                                                          • EVP_get_digestbyname.LIBEAY32(MD5,id-aes256-GCM,id-aes128-GCM,SEED-CBC,gost89-cnt,CAMELLIA-256-CBC,CAMELLIA-128-CBC,AES-256-CBC,AES-128-CBC,IDEA-CBC,RC2-CBC,RC4,DES-EDE3-CBC,DES-CBC,1202EFCD), ref: 120283E8
                                                                                                                                                                                                          • EVP_MD_size.LIBEAY32(00000000,MD5,id-aes256-GCM,id-aes128-GCM,SEED-CBC,gost89-cnt,CAMELLIA-256-CBC,CAMELLIA-128-CBC,AES-256-CBC,AES-128-CBC,IDEA-CBC,RC2-CBC,RC4,DES-EDE3-CBC,DES-CBC,1202EFCD), ref: 120283F3
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\ssl_ciph.c,000001B5,ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0), ref: 12028413
                                                                                                                                                                                                          • EVP_get_digestbyname.LIBEAY32(SHA1,?,?,?,?,?,?,?,?,?,?,?,?,?,?,1202EFCD), ref: 12028420
                                                                                                                                                                                                          • EVP_MD_size.LIBEAY32(00000000,SHA1), ref: 1202842B
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\ssl_ciph.c,000001B9,ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0), ref: 1202844B
                                                                                                                                                                                                          • EVP_get_digestbyname.LIBEAY32(md_gost94), ref: 12028458
                                                                                                                                                                                                          • EVP_MD_size.LIBEAY32(00000000), ref: 1202846A
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\ssl_ciph.c,000001BF,ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0), ref: 1202848A
                                                                                                                                                                                                          • EVP_get_digestbyname.LIBEAY32(gost-mac), ref: 12028497
                                                                                                                                                                                                          • EVP_get_digestbyname.LIBEAY32(SHA256), ref: 120284C6
                                                                                                                                                                                                          • EVP_MD_size.LIBEAY32(00000000,SHA256), ref: 120284D1
                                                                                                                                                                                                          • EVP_get_digestbyname.LIBEAY32(SHA384,00000000,SHA256), ref: 120284E0
                                                                                                                                                                                                          • EVP_MD_size.LIBEAY32(00000000,SHA384,00000000,SHA256), ref: 120284EB
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: P_get_cipherbyname$P_get_digestbyname$D_size$Open
                                                                                                                                                                                                          • String ID: .\ssl\ssl_ciph.c$AES-128-CBC$AES-256-CBC$CAMELLIA-128-CBC$CAMELLIA-256-CBC$DES-CBC$DES-EDE3-CBC$IDEA-CBC$MD5$RC2-CBC$RC4$SEED-CBC$SHA1$SHA256$SHA384$gost-mac$gost89-cnt$id-aes128-GCM$id-aes256-GCM$md_gost94$ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0$ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0$ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(0000008C,.\ssl\t1_enc.c,0000017A), ref: 120190FF
                                                                                                                                                                                                          • EVP_CIPHER_CTX_init.LIBEAY32(00000000), ref: 12019116
                                                                                                                                                                                                          • COMP_CTX_free.LIBEAY32(?), ref: 1201914F
                                                                                                                                                                                                          • COMP_CTX_new.LIBEAY32(?), ref: 12019165
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(00004540,.\ssl\t1_enc.c,00000193), ref: 120191A5
                                                                                                                                                                                                          • EVP_CIPHER_CTX_new.LIBEAY32 ref: 1201921E
                                                                                                                                                                                                          • EVP_MD_CTX_create.LIBEAY32 ref: 12019247
                                                                                                                                                                                                          • COMP_CTX_free.LIBEAY32(?), ref: 12019265
                                                                                                                                                                                                          • COMP_CTX_new.LIBEAY32(?), ref: 1201927B
                                                                                                                                                                                                          • EVP_CIPHER_CTX_cleanup.LIBEAY32(?), ref: 120192FF
                                                                                                                                                                                                          • UI_get0_user_data.LIBEAY32(?), ref: 12019321
                                                                                                                                                                                                          • X509_PURPOSE_get0_name.LIBEAY32(?), ref: 12019373
                                                                                                                                                                                                          • X509_TRUST_get0_name.LIBEAY32(?), ref: 12019395
                                                                                                                                                                                                          • X509_PURPOSE_get0_name.LIBEAY32(?,?,?,?), ref: 12019431
                                                                                                                                                                                                          • EVP_PKEY_new_mac_key.LIBEAY32(?,00000000,?), ref: 1201944F
                                                                                                                                                                                                          • EVP_DigestSignInit.LIBEAY32(?,00000000,?,00000000,00000000), ref: 12019470
                                                                                                                                                                                                          • EVP_PKEY_free.LIBEAY32(00000000), ref: 12019481
                                                                                                                                                                                                          • UI_get0_user_data.LIBEAY32(?), ref: 1201949C
                                                                                                                                                                                                            • Part of subcall function 12024BE0: EVP_MD_CTX_destroy.LIBEAY32(?,?,1200CB70,?,?), ref: 12024BEC
                                                                                                                                                                                                            • Part of subcall function 12024BE0: EVP_MD_CTX_create.LIBEAY32(?,1200CB70,?,?), ref: 12024BFA
                                                                                                                                                                                                            • Part of subcall function 12024BE0: EVP_DigestInit_ex.LIBEAY32(00000000,1200CB70,00000000,?,1200CB70,?,?), ref: 12024C11
                                                                                                                                                                                                          • EVP_PKEY_free.LIBEAY32(00000000), ref: 12019569
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000D1,00000044,.\ssl\t1_enc.c,000001FE,00000000), ref: 12019581
                                                                                                                                                                                                          • X509_PURPOSE_get0_name.LIBEAY32(?), ref: 120195B4
                                                                                                                                                                                                          • EVP_CipherInit_ex.LIBEAY32(?,?,00000000,?,00000000,?), ref: 120195DC
                                                                                                                                                                                                          • EVP_CIPHER_CTX_ctrl.LIBEAY32(?,00000012,?,?), ref: 120195F1
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000D1,00000041,.\ssl\t1_enc.c,00000274), ref: 1201966F
                                                                                                                                                                                                          • OPENSSL_cleanse.LIBEAY32(?,00000040), ref: 12019685
                                                                                                                                                                                                          • OPENSSL_cleanse.LIBEAY32(?,00000040,?,00000040), ref: 12019694
                                                                                                                                                                                                          • OPENSSL_cleanse.LIBEAY32(?,00000020,?,00000040,?,00000040), ref: 120196A0
                                                                                                                                                                                                          • OPENSSL_cleanse.LIBEAY32(?,00000020,?,00000020,?,00000040,?,00000040), ref: 120196AC
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_cleanseX509_$E_get0_nameX_new$DigestI_get0_user_dataInit_exO_mallocR_put_errorX_createX_freeY_free$CipherInitSignT_get0_nameX_cleanupX_ctrlX_destroyX_initY_new_mac_key
                                                                                                                                                                                                          • String ID: .\ssl\t1_enc.c$IV block$client write key$server write key
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • HMAC_CTX_init.LIBEAY32(?,?,?,?,12018912,?,?,?), ref: 1201633E
                                                                                                                                                                                                          • EVP_CIPHER_CTX_init.LIBEAY32(?,?,?,?,?,12018912,?,?,?), ref: 12016348
                                                                                                                                                                                                          • HMAC_CTX_cleanup.LIBEAY32(?,?,?,?,?,?,?,?,?), ref: 12016386
                                                                                                                                                                                                          • EVP_CIPHER_CTX_cleanup.LIBEAY32(?,?,?,?,?,?,?,?,?,?), ref: 12016390
                                                                                                                                                                                                          • EVP_sha256.LIBEAY32(00000000,?,?), ref: 120163E7
                                                                                                                                                                                                          • HMAC_Init_ex.LIBEAY32(?,?,00000010,00000000,00000000,?,?), ref: 120163FE
                                                                                                                                                                                                          • EVP_aes_128_cbc.LIBEAY32(00000000,?,0000000A,?,?,?,?,?,?,?), ref: 1201641B
                                                                                                                                                                                                          • EVP_DecryptInit_ex.LIBEAY32(?,00000000,00000000,?,0000000A,?,?,?,?,?,?,?), ref: 12016426
                                                                                                                                                                                                          • EVP_MD_size.LIBEAY32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1201643E
                                                                                                                                                                                                          • X509_get_issuer_name.LIBEAY32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 12016457
                                                                                                                                                                                                          • HMAC_CTX_cleanup.LIBEAY32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 12016473
                                                                                                                                                                                                          • EVP_CIPHER_CTX_cleanup.LIBEAY32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1201647D
                                                                                                                                                                                                          • HMAC_Update.LIBEAY32(?,-00000006,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 120164AE
                                                                                                                                                                                                          • HMAC_Final.LIBEAY32(?,?,00000000), ref: 120164D0
                                                                                                                                                                                                          • HMAC_CTX_cleanup.LIBEAY32(?), ref: 120164E8
                                                                                                                                                                                                          • CRYPTO_memcmp.LIBEAY32(?,?,?,?), ref: 120164FE
                                                                                                                                                                                                          • EVP_CIPHER_CTX_cleanup.LIBEAY32(?), ref: 1201650F
                                                                                                                                                                                                          • X509_get_issuer_name.LIBEAY32(?), ref: 12016539
                                                                                                                                                                                                          • X509_get_issuer_name.LIBEAY32(?,?), ref: 1201654B
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(?,.\ssl\t1_lib.c,00000DFF,?,?), ref: 12016564
                                                                                                                                                                                                          • EVP_DecryptUpdate.LIBEAY32(?,00000000,?,?,?), ref: 12016587
                                                                                                                                                                                                          • EVP_DecryptFinal.LIBEAY32(?,?,?), ref: 120165A8
                                                                                                                                                                                                          • EVP_CIPHER_CTX_cleanup.LIBEAY32(?), ref: 120165B9
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(00000000,?), ref: 120165BF
                                                                                                                                                                                                          • EVP_CIPHER_CTX_cleanup.LIBEAY32(?), ref: 120165F1
                                                                                                                                                                                                          • d2i_SSL_SESSION.SSLEAY32(00000000,?,?,?), ref: 12016606
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(00000000,00000000,?,?,?), ref: 12016618
                                                                                                                                                                                                          • EVP_CIPHER_CTX_cleanup.LIBEAY32(?), ref: 120166C8
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(00000000,?), ref: 120166CE
                                                                                                                                                                                                          • EVP_CIPHER_CTX_cleanup.LIBEAY32(?,?,?,?,?,?,?,?), ref: 120166DA
                                                                                                                                                                                                          • HMAC_CTX_cleanup.LIBEAY32(?,?,?,?,?,?,?,?,?), ref: 120166E7
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: X_cleanup$DecryptO_freeX509_get_issuer_name$FinalInit_exUpdateX_init$D_sizeO_mallocO_memcmpP_aes_128_cbcP_sha256d2i_
                                                                                                                                                                                                          • String ID: .\ssl\t1_lib.c
                                                                                                                                                                                                          • API String ID: 2898351744-2047370388
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EVP_MD_size.LIBEAY32(?,?,?,?,?,?,?,?,?,?,?), ref: 12018AA3
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\t1_enc.c,000000AA,chunk >= 0), ref: 12018AC0
                                                                                                                                                                                                          • EVP_MD_CTX_init.LIBEAY32(?), ref: 12018ACD
                                                                                                                                                                                                          • EVP_MD_CTX_init.LIBEAY32(?,?), ref: 12018AD7
                                                                                                                                                                                                          • EVP_MD_CTX_init.LIBEAY32(?,?,?), ref: 12018AE1
                                                                                                                                                                                                          • EVP_MD_CTX_set_flags.LIBEAY32(?,00000008,?,?,?), ref: 12018AED
                                                                                                                                                                                                          • EVP_PKEY_new_mac_key.LIBEAY32(00000357,00000000,?,?,?,00000008,?,?,?), ref: 12018B02
                                                                                                                                                                                                          • EVP_DigestSignInit.LIBEAY32(?,00000000,?,00000000,00000000), ref: 12018B21
                                                                                                                                                                                                          • EVP_MD_CTX_copy_ex.LIBEAY32(?,?), ref: 12018B3B
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 12018B5D
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 12018B83
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 12018BA9
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 12018BCF
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 12018BF5
                                                                                                                                                                                                          • EVP_DigestSignFinal.LIBEAY32(?,?,?), ref: 12018C17
                                                                                                                                                                                                          • EVP_MD_CTX_copy_ex.LIBEAY32(?,?), ref: 12018C31
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 12018C53
                                                                                                                                                                                                          • EVP_MD_CTX_copy_ex.LIBEAY32(?,?), ref: 12018C78
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 12018C9A
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 12018CC0
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 12018CE6
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 12018D0C
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 12018D2E
                                                                                                                                                                                                          • EVP_DigestSignFinal.LIBEAY32(?,?,?), ref: 12018D51
                                                                                                                                                                                                          • EVP_DigestSignFinal.LIBEAY32(?,?,?), ref: 12018D84
                                                                                                                                                                                                          • EVP_MD_CTX_copy_ex.LIBEAY32(?,?), ref: 12018D9A
                                                                                                                                                                                                          • EVP_DigestSignFinal.LIBEAY32(?,?,?), ref: 12018DBE
                                                                                                                                                                                                          • EVP_PKEY_free.LIBEAY32(?), ref: 12018DED
                                                                                                                                                                                                          • EVP_MD_CTX_cleanup.LIBEAY32(?,?), ref: 12018DF7
                                                                                                                                                                                                          • EVP_MD_CTX_cleanup.LIBEAY32(?,?,?), ref: 12018E01
                                                                                                                                                                                                          • EVP_MD_CTX_cleanup.LIBEAY32(?,?,?,?), ref: 12018E0B
                                                                                                                                                                                                          • OPENSSL_cleanse.LIBEAY32(?,00000040,?,?,?,?), ref: 12018E1A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Digest$Update$Sign$FinalX_copy_ex$X_cleanupX_init$D_sizeInitL_cleanseOpenX_set_flagsY_freeY_new_mac_key
                                                                                                                                                                                                          • String ID: .\ssl\t1_enc.c$chunk >= 0
                                                                                                                                                                                                          • API String ID: 2523695285-2139598294
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EVP_MD_CTX_init.LIBEAY32(?), ref: 12003BBE
                                                                                                                                                                                                          • X509_get_pubkey.LIBEAY32(?), ref: 12003C21
                                                                                                                                                                                                          • BIO_free.LIBEAY32(?), ref: 1200403C
                                                                                                                                                                                                          • EVP_MD_CTX_cleanup.LIBEAY32(?), ref: 1200405C
                                                                                                                                                                                                          • EVP_PKEY_free.LIBEAY32(00000000,?), ref: 12004062
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freeX509_get_pubkeyX_cleanupX_initY_free
                                                                                                                                                                                                          • String ID: .\ssl\s3_srvr.c
                                                                                                                                                                                                          • API String ID: 804101390-3445611115
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_add_lock.LIBEAY32(?,000000FF,00000010,.\ssl\ssl_lib.c,00000239), ref: 120242B2
                                                                                                                                                                                                          • X509_VERIFY_PARAM_free.LIBEAY32(?), ref: 120242CA
                                                                                                                                                                                                          • CRYPTO_free_ex_data.LIBEAY32(00000001,?,?), ref: 120242DC
                                                                                                                                                                                                          • BIO_pop.LIBEAY32(?), ref: 120242F3
                                                                                                                                                                                                          • BIO_free.LIBEAY32(?), ref: 12024302
                                                                                                                                                                                                          • BIO_free_all.LIBEAY32(?), ref: 12024319
                                                                                                                                                                                                          • BIO_free_all.LIBEAY32(?), ref: 1202432E
                                                                                                                                                                                                          • BUF_MEM_free.LIBEAY32(?), ref: 1202433E
                                                                                                                                                                                                          • sk_free.LIBEAY32(?), ref: 1202434E
                                                                                                                                                                                                          • sk_free.LIBEAY32(?), ref: 1202435E
                                                                                                                                                                                                          • SSL_SESSION_free.SSLEAY32(00000000,?), ref: 1202437C
                                                                                                                                                                                                          • EVP_MD_CTX_destroy.LIBEAY32(?), ref: 12024398
                                                                                                                                                                                                          • EVP_MD_CTX_destroy.LIBEAY32(?), ref: 120243B5
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 120243E5
                                                                                                                                                                                                          • SSL_CTX_free.SSLEAY32(?), ref: 120243F8
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 1202440B
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 1202441E
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 12024431
                                                                                                                                                                                                          • sk_pop_free.LIBEAY32(?,12031CE2), ref: 12024449
                                                                                                                                                                                                          • sk_pop_free.LIBEAY32(?,12031CEE), ref: 12024461
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 12024474
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 12024487
                                                                                                                                                                                                          • sk_pop_free.LIBEAY32(?,12031B44), ref: 1202449F
                                                                                                                                                                                                          • SSL_CTX_free.SSLEAY32(?), ref: 120244C2
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 120244D5
                                                                                                                                                                                                          • sk_free.LIBEAY32(?), ref: 120244E8
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 120244F1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free$sk_freesk_pop_free$M_freeO_free_allX_destroyX_free$N_freeO_add_lockO_free_ex_dataO_popX509_
                                                                                                                                                                                                          • String ID: .\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 957874568-3333140318
                                                                                                                                                                                                          • Opcode ID: 3c30928d91165516b049b2d69e31e1ba184a4427a917d55327bc1c86a94ec413
                                                                                                                                                                                                          • Instruction ID: 81ba30732c33f11dec22837797e7737796e29988af1575bdd45a8fdd6bc42dc9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c30928d91165516b049b2d69e31e1ba184a4427a917d55327bc1c86a94ec413
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A51B3F7F007015BEA62CB719C44FA7B2FCAF04705F464A29E84AD7640EB24F114E262
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(?), ref: 12019918
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(?), ref: 1201992B
                                                                                                                                                                                                          • EVP_MD_size.LIBEAY32(00000000,?), ref: 12019931
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\t1_enc.c,000002F9,n >= 0), ref: 1201994C
                                                                                                                                                                                                          • pqueue_peek.LIBEAY32(?), ref: 12019975
                                                                                                                                                                                                          • X509_PURPOSE_get0_name.LIBEAY32(?), ref: 12019996
                                                                                                                                                                                                          • X509_TRUST_get0_name.LIBEAY32(?), ref: 120199B1
                                                                                                                                                                                                          • _fprintf.LIBCMT ref: 120199E2
                                                                                                                                                                                                          • RAND_bytes.LIBEAY32(?,00000000), ref: 120199F1
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(?), ref: 12019A1E
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(?), ref: 12019A31
                                                                                                                                                                                                          • EVP_MD_size.LIBEAY32(00000000,?), ref: 12019A37
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\t1_enc.c,00000318,n >= 0), ref: 12019A52
                                                                                                                                                                                                          • X509_TRUST_get_flags.LIBEAY32 ref: 12019AB2
                                                                                                                                                                                                          • X509_PURPOSE_get0_name.LIBEAY32(00000000), ref: 12019ABE
                                                                                                                                                                                                          • EVP_CIPHER_CTX_ctrl.LIBEAY32(?,00000016,0000000D,00000008), ref: 12019BA0
                                                                                                                                                                                                          • EVP_Cipher.LIBEAY32(?,?,?,?), ref: 12019C4A
                                                                                                                                                                                                          • X509_PURPOSE_get0_name.LIBEAY32(?,?,?,?,?), ref: 12019C58
                                                                                                                                                                                                          • X509_PURPOSE_get0_name.LIBEAY32(?), ref: 12019C98
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(?), ref: 12019CCD
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(?), ref: 12019CE0
                                                                                                                                                                                                          • EVP_MD_size.LIBEAY32(00000000,?), ref: 12019CE6
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: X509_$Y_get_object$E_get0_name$D_size$Open$CipherD_bytesT_get0_nameT_get_flagsX_ctrl_fprintfpqueue_peek
                                                                                                                                                                                                          • String ID: %s:%d: rec->data != rec->input$.\ssl\t1_enc.c$n >= 0
                                                                                                                                                                                                          • API String ID: 1325399572-3097570779
                                                                                                                                                                                                          • Opcode ID: 4e2af60942747acdcf65cdffdd4f966f9bd2b6003023bebe82854cbd0f18370e
                                                                                                                                                                                                          • Instruction ID: a4c6c17a66cacf18bb1f16c4ac611663db0d9e4fd3c866fe51b174c6857e216d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e2af60942747acdcf65cdffdd4f966f9bd2b6003023bebe82854cbd0f18370e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6D1D277A043458FD751CF68C8807ABB7E5BF88315F444A2DE9898B381EB35E904DB92
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EVP_MD_CTX_init.LIBEAY32(?), ref: 12007A2E
                                                                                                                                                                                                          • EVP_PKEY_CTX_new.LIBEAY32(?,00000000), ref: 12007A60
                                                                                                                                                                                                          • EVP_PKEY_sign_init.LIBEAY32(00000000), ref: 12007A77
                                                                                                                                                                                                          • EVP_sha1.LIBEAY32 ref: 12007A87
                                                                                                                                                                                                          • EVP_PKEY_CTX_ctrl.LIBEAY32(00000000,000000FF,000000F8,00000001,00000000,00000000), ref: 12007A99
                                                                                                                                                                                                          • ERR_clear_error.LIBEAY32 ref: 12007AC3
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,00000003,00000000,?), ref: 12007AF6
                                                                                                                                                                                                          • EVP_DigestInit_ex.LIBEAY32(?,?,00000000), ref: 12007B28
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 12007B43
                                                                                                                                                                                                          • EVP_SignFinal.LIBEAY32(?,?,?,?), ref: 12007B5E
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000099,00000044,.\ssl\s3_clnt.c,00000CD8), ref: 12007BA6
                                                                                                                                                                                                          • EVP_MD_CTX_cleanup.LIBEAY32(?), ref: 12007BB7
                                                                                                                                                                                                          • EVP_PKEY_CTX_free.LIBEAY32(00000000,?), ref: 12007BBD
                                                                                                                                                                                                          • RSA_sign.LIBEAY32(00000072,?,00000024,?,?,?), ref: 12007C0D
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000099,00000004,.\ssl\s3_clnt.c,00000CF1), ref: 12007C2C
                                                                                                                                                                                                          • DSA_sign.LIBEAY32(?,?,00000014,?,?,?), ref: 12007C6F
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000099,0000000A,.\ssl\s3_clnt.c,00000CFE), ref: 12007C8E
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000099,00000044,.\ssl\s3_clnt.c,00000CC2), ref: 12007D71
                                                                                                                                                                                                          • EVP_MD_CTX_cleanup.LIBEAY32(?), ref: 12007DDB
                                                                                                                                                                                                          • EVP_PKEY_CTX_free.LIBEAY32(00000000,?), ref: 12007DE1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$A_signDigestX_cleanupX_free$FinalInit_exO_ctrlP_sha1R_clear_errorSignUpdateX_ctrlX_initX_newY_sign_init
                                                                                                                                                                                                          • String ID: .\ssl\s3_clnt.c$@
                                                                                                                                                                                                          • API String ID: 3225417783-226317790
                                                                                                                                                                                                          • Opcode ID: 6ec0d1bca88231b59be31024274287a16e4b5415ee416c48a34a34d88009e0a8
                                                                                                                                                                                                          • Instruction ID: 965f076991b6b4b9d97097f4c348c9561c3f976f263918b324dbfa262b93db2e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ec0d1bca88231b59be31024274287a16e4b5415ee416c48a34a34d88009e0a8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67C1D176604342AFF215CB10CC81FABB7F9AF88704F044A1DFA995B691E774E904D7A2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(00000000), ref: 1200D3D5
                                                                                                                                                                                                          • pqueue_peek.LIBEAY32(00000000,00000000), ref: 1200D3DB
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,0000011D,00000144,.\ssl\s3_enc.c,000002CF), ref: 1200D41D
                                                                                                                                                                                                            • Part of subcall function 1200D190: CRYPTO_malloc.LIBEAY32(00000018,.\ssl\s3_enc.c,00000273,?,00000000,12001BF2,?), ref: 1200D1B1
                                                                                                                                                                                                            • Part of subcall function 1200D190: ERR_put_error.LIBEAY32(00000014,00000125,00000041,.\ssl\s3_enc.c,00000275), ref: 1200D1E1
                                                                                                                                                                                                          • EVP_MD_CTX_init.LIBEAY32(?), ref: 1200D43E
                                                                                                                                                                                                          • EVP_MD_CTX_set_flags.LIBEAY32(?,00000008,?), ref: 1200D44A
                                                                                                                                                                                                          • EVP_MD_CTX_copy_ex.LIBEAY32(?,?,?,00000008,?), ref: 1200D455
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(?,?,?,?,00000008,?), ref: 1200D45F
                                                                                                                                                                                                          • EVP_MD_size.LIBEAY32(00000000,?,?,?,?,00000008,?), ref: 1200D465
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 1200D48F
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 1200D4B2
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,1204E7B8,00000030), ref: 1200D4CD
                                                                                                                                                                                                          • EVP_DigestFinal_ex.LIBEAY32(?,?,?), ref: 1200D4EC
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(?,00000000), ref: 1200D503
                                                                                                                                                                                                          • EVP_DigestInit_ex.LIBEAY32(?,00000000,00000000), ref: 1200D511
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 1200D530
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,1204E7E8,00000030), ref: 1200D547
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 1200D562
                                                                                                                                                                                                          • EVP_DigestFinal_ex.LIBEAY32(?,?,?), ref: 1200D579
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,0000011D,00000044,.\ssl\s3_enc.c,000002E6), ref: 1200D598
                                                                                                                                                                                                          • EVP_MD_CTX_cleanup.LIBEAY32(?), ref: 1200D5AD
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Digest$Update$R_put_errorX509_Y_get_object$Final_ex$D_sizeInit_exO_mallocX_cleanupX_copy_exX_initX_set_flagspqueue_peek
                                                                                                                                                                                                          • String ID: .\ssl\s3_enc.c
                                                                                                                                                                                                          • API String ID: 598271980-1985432667
                                                                                                                                                                                                          • Opcode ID: baf64e41a67a1ec31a9994cba8b1d396334b1929270db575b59e34d5a2ddc504
                                                                                                                                                                                                          • Instruction ID: 22db6912a6df20f6024a1aaec7e7b765f0ebb5a4be6209c65d4c5117704b19ce
                                                                                                                                                                                                          • Opcode Fuzzy Hash: baf64e41a67a1ec31a9994cba8b1d396334b1929270db575b59e34d5a2ddc504
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6151A0BB5043016FE305CB64CC41FAFB3E9AB98745F444A2DFA4596240FA34F508EBA6
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • sk_new_null.LIBEAY32 ref: 1200644D
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000090,00000041,.\ssl\s3_clnt.c,000004BD), ref: 1200646F
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000090,000000EF,.\ssl\s3_clnt.c,00000521,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 1200672E
                                                                                                                                                                                                          • CRYPTO_add_lock.LIBEAY32(00000010,00000001,00000003,.\ssl\s3_clnt.c,00000538), ref: 12006763
                                                                                                                                                                                                          • X509_free.LIBEAY32(?), ref: 12006781
                                                                                                                                                                                                          • X509_free.LIBEAY32(?), ref: 1200679F
                                                                                                                                                                                                          • CRYPTO_add_lock.LIBEAY32(00000010,00000001,00000003,.\ssl\s3_clnt.c,00000544), ref: 120067B9
                                                                                                                                                                                                          • EVP_PKEY_free.LIBEAY32(?), ref: 12006821
                                                                                                                                                                                                          • X509_free.LIBEAY32(00003005,?), ref: 1200682B
                                                                                                                                                                                                          • sk_pop_free.LIBEAY32(?,Function_000319EE,00003005,?), ref: 1200683A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: X509_free$O_add_lockR_put_error$Y_freesk_new_nullsk_pop_free
                                                                                                                                                                                                          • String ID: .\ssl\s3_clnt.c
                                                                                                                                                                                                          • API String ID: 800983268-2155475665
                                                                                                                                                                                                          • Opcode ID: 7d559d877b3a98162e66678dc9e492ae8617ac4fb1574b901f6722d5c25a47d2
                                                                                                                                                                                                          • Instruction ID: 39272b103ee157adfe89867c244076aa74a34e1bae0fc1aba667e4a422780f87
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d559d877b3a98162e66678dc9e492ae8617ac4fb1574b901f6722d5c25a47d2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4C11072A04301AFF705CF14CC81FAAB7E5AB44345F254779F989AB282D670E904EB99
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • BIO_s_file.LIBEAY32 ref: 1202C3EB
                                                                                                                                                                                                          • BIO_new.LIBEAY32(00000000), ref: 1202C3F1
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(00000000,0000006C,00000003,?), ref: 1202C418
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000151,00000043,.\ssl\ssl_rsa.c,000003CB), ref: 1202C5FD
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 1202C60A
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?,?), ref: 1202C614
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?,?,?), ref: 1202C61E
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(00000000,?,?,?), ref: 1202C624
                                                                                                                                                                                                          • BIO_free.LIBEAY32(?), ref: 1202C639
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free$O_ctrlO_newO_s_fileR_put_error
                                                                                                                                                                                                          • String ID: .\ssl\ssl_rsa.c$SERVERINFO FOR
                                                                                                                                                                                                          • API String ID: 775051240-3219124774
                                                                                                                                                                                                          • Opcode ID: 723326dd89cd46b0bc0e97c6e5adeaa4a9572f7e345192560a790b13e95b8819
                                                                                                                                                                                                          • Instruction ID: 6a0e5840066cde609769d04a4ad4edafa24e83e3d5e10efa35e02003f5114aea
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 723326dd89cd46b0bc0e97c6e5adeaa4a9572f7e345192560a790b13e95b8819
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F971E5B3648342AFD341DFA4CC80E6BB7E9AB88704F515B2EF585A7140EB70E6449B52
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_add_lock.LIBEAY32(?,000000FF,0000000C,.\ssl\ssl_lib.c,0000084B), ref: 12022B2F
                                                                                                                                                                                                          • X509_VERIFY_PARAM_free.LIBEAY32(?), ref: 12022B4A
                                                                                                                                                                                                          • SSL_CTX_flush_sessions.SSLEAY32(?,00000000), ref: 12022B5B
                                                                                                                                                                                                          • CRYPTO_free_ex_data.LIBEAY32(00000002,?,?), ref: 12022B6D
                                                                                                                                                                                                          • lh_free.LIBEAY32(00000000), ref: 12022B7D
                                                                                                                                                                                                          • X509_STORE_free.LIBEAY32(?), ref: 12022B8D
                                                                                                                                                                                                          • sk_free.LIBEAY32(?), ref: 12022B9D
                                                                                                                                                                                                          • sk_free.LIBEAY32(?), ref: 12022BAD
                                                                                                                                                                                                          • sk_pop_free.LIBEAY32(?,12031B44), ref: 12022BD8
                                                                                                                                                                                                          • sk_pop_free.LIBEAY32(?,Function_000319EE), ref: 12022BF0
                                                                                                                                                                                                          • sk_free.LIBEAY32(?), ref: 12022C0D
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 12022C20
                                                                                                                                                                                                          • SSL_CTX_SRP_CTX_free.SSLEAY32(?), ref: 12022C29
                                                                                                                                                                                                          • ENGINE_finish.LIBEAY32(?), ref: 12022C3C
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 12022C6F
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 12022C82
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 12022C95
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 12022C9E
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free$sk_free$X509_sk_pop_free$E_finishE_freeM_freeO_add_lockO_free_ex_dataX_flush_sessionsX_freelh_free
                                                                                                                                                                                                          • String ID: .\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 880251562-3333140318
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000089,000000C7,.\ssl\s3_srvr.c,00000CC0), ref: 1200410C
                                                                                                                                                                                                            • Part of subcall function 1200E440: SSL_CTX_remove_session.SSLEAY32(?,?), ref: 1200E48A
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000089,000000E9,.\ssl\s3_srvr.c,00000CC9), ref: 12004150
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000089,00000106,.\ssl\s3_srvr.c,00000CD3), ref: 120041A5
                                                                                                                                                                                                          • X509_free.LIBEAY32(?), ref: 1200449F
                                                                                                                                                                                                          • sk_pop_free.LIBEAY32(?,Function_000319EE), ref: 120044B5
                                                                                                                                                                                                          • sk_pop_free.LIBEAY32(?,Function_000319EE), ref: 120044D6
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$sk_pop_free$X509_freeX_remove_session
                                                                                                                                                                                                          • String ID: .\ssl\s3_srvr.c
                                                                                                                                                                                                          • API String ID: 2042108797-3445611115
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(?), ref: 1200DC0E
                                                                                                                                                                                                          • EVP_MD_size.LIBEAY32(00000000,?), ref: 1200DC14
                                                                                                                                                                                                          • EVP_CIPHER_CTX_flags.LIBEAY32(?), ref: 1200DC78
                                                                                                                                                                                                          • EVP_MD_CTX_init.LIBEAY32(?), ref: 1200DD38
                                                                                                                                                                                                          • EVP_MD_CTX_copy_ex.LIBEAY32(?,?,?), ref: 1200DD5C
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 1200DD7B
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,1204E7B8,00000030), ref: 1200DD96
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,00000008), ref: 1200DDB2
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,00000001), ref: 1200DDCE
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,00000002), ref: 1200DDE6
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 1200DE03
                                                                                                                                                                                                          • EVP_DigestFinal_ex.LIBEAY32(?,?,00000000), ref: 1200DE1B
                                                                                                                                                                                                          • EVP_MD_CTX_copy_ex.LIBEAY32(?,?), ref: 1200DE31
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 1200DE50
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,1204E7E8,00000030), ref: 1200DE67
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 1200DE7E
                                                                                                                                                                                                          • EVP_DigestFinal_ex.LIBEAY32(?,?,?), ref: 1200DE95
                                                                                                                                                                                                          • EVP_MD_CTX_cleanup.LIBEAY32(?), ref: 1200DEAE
                                                                                                                                                                                                            • Part of subcall function 120111F0: X509_NAME_ENTRY_get_object.LIBEAY32(?,1200DC98,?), ref: 120111F5
                                                                                                                                                                                                            • Part of subcall function 120111F0: pqueue_peek.LIBEAY32(00000000,?,1200DC98,?), ref: 120111FB
                                                                                                                                                                                                          • EVP_MD_CTX_cleanup.LIBEAY32(?), ref: 1200DECE
                                                                                                                                                                                                            • Part of subcall function 12011220: OpenSSLDie.LIBEAY32(.\ssl\s3_cbc.c,000001C7,data_plus_mac_plus_padding_size < 1024 * 1024,?,?,?,?), ref: 120112B5
                                                                                                                                                                                                            • Part of subcall function 12011220: X509_NAME_ENTRY_get_object.LIBEAY32(?,?,?,?,?), ref: 120112BE
                                                                                                                                                                                                            • Part of subcall function 12011220: pqueue_peek.LIBEAY32(00000000,?,?,?,?,?), ref: 120112C4
                                                                                                                                                                                                            • Part of subcall function 12011220: SHA_Init.LIBEAY32(?,?,?), ref: 120112F3
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Digest$Update$X509_Y_get_object$Final_exX_cleanupX_copy_expqueue_peek$D_sizeInitOpenX_flagsX_init
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2514736885-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SSL_new.SSLEAY32(?), ref: 1202500E
                                                                                                                                                                                                            • Part of subcall function 12024C40: ERR_put_error.LIBEAY32(00000014,000000BA,000000C3,.\ssl\ssl_lib.c,0000012B), ref: 12024C5F
                                                                                                                                                                                                          • SSL_copy_session_id.SSLEAY32(00000000,?), ref: 1202503F
                                                                                                                                                                                                          • X509_VERIFY_PARAM_get_depth.LIBEAY32(?), ref: 12025103
                                                                                                                                                                                                          • X509_VERIFY_PARAM_set_depth.LIBEAY32(?,00000000,?), ref: 1202510D
                                                                                                                                                                                                          • CRYPTO_dup_ex_data.LIBEAY32(00000001,000000F0,?,?,00000000,?), ref: 12025146
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,0000000C,00000000,0000000C), ref: 12025165
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,0000000C,00000000,00000010), ref: 12025189
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_ctrlX509_$L_copy_session_idL_newM_get_depthM_set_depthO_dup_ex_dataR_put_error
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4256526275-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • BIO_s_file.LIBEAY32 ref: 1202CB72
                                                                                                                                                                                                          • BIO_new.LIBEAY32(00000000), ref: 1202CB78
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000AD,00000007,.\ssl\ssl_rsa.c,000001CF), ref: 1202CB99
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(00000000,0000006C,00000003,?), ref: 1202CBB1
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000AD,00000002,.\ssl\ssl_rsa.c,000001D4), ref: 1202CBD0
                                                                                                                                                                                                          • BIO_free.LIBEAY32(00000000), ref: 1202CBD9
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$O_ctrlO_freeO_newO_s_file
                                                                                                                                                                                                          • String ID: .\ssl\ssl_rsa.c
                                                                                                                                                                                                          • API String ID: 3280554936-614043423
                                                                                                                                                                                                          • Opcode ID: d1e2a1cec1042e05b7c7eec9bb6a850c949dafd8eade73ad4bece3ddca9a9b0a
                                                                                                                                                                                                          • Instruction ID: b083fcf96847af42e8c9a81175b7fa4be8368a5bcf2b7cfded1dab27eee96448
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1e2a1cec1042e05b7c7eec9bb6a850c949dafd8eade73ad4bece3ddca9a9b0a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1031EC7BB802002FE101D358AC42FBBB3A48FC5B22F154637F646AA181D561F91562A3
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • sk_num.LIBEAY32(?,?,?,?,120043BF,?,?), ref: 12025AAD
                                                                                                                                                                                                          • sk_value.LIBEAY32(?,00000000,?), ref: 12025ABC
                                                                                                                                                                                                          • X509_STORE_CTX_init.LIBEAY32(?,?,00000000,?,?,00000000,?), ref: 12025AC9
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000CF,0000000B,.\ssl\ssl_cert.c,000002D6,?,?,?,?,?,?,?), ref: 12025AE8
                                                                                                                                                                                                          • X509_STORE_CTX_set_flags.LIBEAY32(?,?,?,?,?,?,?,?,?), ref: 12025B11
                                                                                                                                                                                                          • SSL_get_ex_data_X509_STORE_CTX_idx.SSLEAY32(?,?,?,?,?,?,?,?,?,?), ref: 12025B1A
                                                                                                                                                                                                            • Part of subcall function 120252C0: CRYPTO_lock.LIBEAY32(00000009,0000000C,.\ssl\ssl_cert.c,00000094,00000000,120245F9), ref: 120252E2
                                                                                                                                                                                                            • Part of subcall function 120252C0: X509_STORE_CTX_get_ex_new_index.LIBEAY32(00000000,SSL for verify callback,00000000,00000000,00000000), ref: 12025301
                                                                                                                                                                                                            • Part of subcall function 120252C0: CRYPTO_lock.LIBEAY32(0000000A,0000000C,.\ssl\ssl_cert.c,0000009B), ref: 12025322
                                                                                                                                                                                                          • X509_STORE_CTX_set_ex_data.LIBEAY32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 12025B25
                                                                                                                                                                                                          • X509_STORE_CTX_set_default.LIBEAY32(?,ssl_client,?,?,?,?,?,?,?,?,?,?,?,?), ref: 12025B43
                                                                                                                                                                                                          • X509_VERIFY_PARAM_get_flags.LIBEAY32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 12025B54
                                                                                                                                                                                                          • X509_VERIFY_PARAM_set1.LIBEAY32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 12025B5D
                                                                                                                                                                                                          • X509_VERIFY_PARAM_set_depth.LIBEAY32(?,?), ref: 12025B75
                                                                                                                                                                                                          • X509_verify_cert.LIBEAY32(?), ref: 12025B9F
                                                                                                                                                                                                          • X509_STORE_CTX_cleanup.LIBEAY32(?), ref: 12025BB8
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: X509_$O_lock$L_get_ex_data_M_get_flagsM_set1M_set_depthR_put_errorX509_verify_certX_cleanupX_get_ex_new_indexX_idxX_initX_set_defaultX_set_ex_dataX_set_flagssk_numsk_value
                                                                                                                                                                                                          • String ID: .\ssl\ssl_cert.c$ssl_client$ssl_server
                                                                                                                                                                                                          • API String ID: 3995431402-2548101035
                                                                                                                                                                                                          • Opcode ID: f6d4ca299f5efbc28f7da2d6d2c984b125f468b1d0f2f2ea056573297df129d8
                                                                                                                                                                                                          • Instruction ID: 623950627c98f009f281b5489f962853935435bc16ab915ca9a2614388cd0af3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f6d4ca299f5efbc28f7da2d6d2c984b125f468b1d0f2f2ea056573297df129d8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD31E9BB6003015FD316DB64DC41FEBB3E8AF88701F448A2EF95697240EA36F5099762
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\s23_srvr.c,00000196,s->version <= TLS_MAX_VERSION), ref: 12011C1B
                                                                                                                                                                                                          • _strncmp.LIBCMT ref: 12011E59
                                                                                                                                                                                                          • _strncmp.LIBCMT ref: 12011E6D
                                                                                                                                                                                                          • _strncmp.LIBCMT ref: 12011E81
                                                                                                                                                                                                          • _strncmp.LIBCMT ref: 12011E95
                                                                                                                                                                                                          • _strncmp.LIBCMT ref: 12011EA9
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000076,000000FC,.\ssl\s23_srvr.c,00000283), ref: 120121AF
                                                                                                                                                                                                            • Part of subcall function 120132E0: BIO_read.LIBEAY32(?,?,?,00000000,?,?,12011F04,?,5F9859FB), ref: 12013308
                                                                                                                                                                                                            • Part of subcall function 120132E0: BIO_read.LIBEAY32(?,?,?), ref: 12013347
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _strncmp$O_read$OpenR_put_error
                                                                                                                                                                                                          • String ID: .\ssl\s23_srvr.c$CONNECT$GET $HEAD $POST $PUT $s->version <= TLS_MAX_VERSION
                                                                                                                                                                                                          • API String ID: 4149642059-1747794495
                                                                                                                                                                                                          • Opcode ID: 32403b462dbee586ae720239c6d03385729fb9a202f3a1989314b9b2201f9fd3
                                                                                                                                                                                                          • Instruction ID: 617b0e1e962c56c67ba5e20cd9a8c88693e5662104ef47b83a661c8e38ab2ea2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 32403b462dbee586ae720239c6d03385729fb9a202f3a1989314b9b2201f9fd3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D0214B6A04392AFE31ACF24CC44B96FBE1BF54304F048629ED855F282D3B5E155EB91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000D5,00000004,.\ssl\s3_lib.c,00000CA3), ref: 1200B42A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: .\ssl\s3_lib.c
                                                                                                                                                                                                          • API String ID: 1767461275-3880942756
                                                                                                                                                                                                          • Opcode ID: 71be670b809da2a98ad0448cd3d7749d08eb3165c2493047dc0dec27369f8bd3
                                                                                                                                                                                                          • Instruction ID: 9e82a8e877a5ba16624dcf57708185b7a0eb2845c05ec824b86c36a96d1f252b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 71be670b809da2a98ad0448cd3d7749d08eb3165c2493047dc0dec27369f8bd3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0C114B77457014BF200DF68E880BEAB3E1E7C436BF14463AF649E7240E632E905A745
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • pqueue_size.LIBEAY32(?), ref: 1201D0E7
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(0000003C,.\ssl\d1_pkt.c,000000FD), ref: 1201D106
                                                                                                                                                                                                          • pitem_new.LIBEAY32(?,00000000,0000003C,.\ssl\d1_pkt.c,000000FD), ref: 1201D113
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000F7,00000044,.\ssl\d1_pkt.c,00000120), ref: 1201D1E8
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 1201D1F8
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(00000000), ref: 1201D201
                                                                                                                                                                                                          • pqueue_free.LIBEAY32(?,00000000), ref: 1201D207
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free$O_mallocR_put_errorpitem_newpqueue_freepqueue_size
                                                                                                                                                                                                          • String ID: .\ssl\d1_pkt.c
                                                                                                                                                                                                          • API String ID: 4281507345-285292661
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SRP_Verify_B_mod_N.LIBEAY32(?,?,?,?,?), ref: 120313E4
                                                                                                                                                                                                          • SRP_Calc_u.LIBEAY32(?,?,?), ref: 12031409
                                                                                                                                                                                                          • SRP_Calc_x.LIBEAY32(?,?,00000000), ref: 12031453
                                                                                                                                                                                                          • SRP_Calc_client_key.LIBEAY32(?,?,?,?,?,?), ref: 1203148D
                                                                                                                                                                                                          • BN_num_bits.LIBEAY32(00000000), ref: 1203149C
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(-00000007,.\ssl\tls_srp.c,00000191,00000000), ref: 120314BA
                                                                                                                                                                                                          • BN_bn2bin.LIBEAY32(00000000,00000000), ref: 120314CA
                                                                                                                                                                                                          • OPENSSL_cleanse.LIBEAY32(00000000,-00000007), ref: 120314E8
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(00000000,00000000,-00000007), ref: 120314EE
                                                                                                                                                                                                          • BN_clear_free.LIBEAY32(00000000), ref: 120314FB
                                                                                                                                                                                                          • BN_clear_free.LIBEAY32(?,00000000), ref: 12031505
                                                                                                                                                                                                          • OPENSSL_cleanse.LIBEAY32(00000000,00000001), ref: 12031521
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(00000000,00000000,00000001), ref: 12031527
                                                                                                                                                                                                          • BN_clear_free.LIBEAY32(?), ref: 12031534
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: N_clear_free$L_cleanseO_free$B_mod_Calc_client_keyCalc_uCalc_xN_bn2binN_num_bitsO_mallocVerify_
                                                                                                                                                                                                          • String ID: .\ssl\tls_srp.c
                                                                                                                                                                                                          • API String ID: 2586719652-3972901604
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_lock.LIBEAY32(00000009,00000018,.\ssl\ssl_cert.c,000003F5), ref: 12026092
                                                                                                                                                                                                          • OPENSSL_DIR_read.LIBEAY32(?,?,00000009,00000018,.\ssl\ssl_cert.c,000003F5), ref: 1202609D
                                                                                                                                                                                                          • BIO_snprintf.LIBEAY32(?,00000400,%s/%s,?,00000000), ref: 120260EF
                                                                                                                                                                                                          • SSL_add_file_cert_subjects_to_stack.SSLEAY32(?,?), ref: 12026110
                                                                                                                                                                                                          • OPENSSL_DIR_read.LIBEAY32(?,?), ref: 12026126
                                                                                                                                                                                                          • GetLastError.KERNEL32(.\ssl\ssl_cert.c,0000040E), ref: 1202614A
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000002,0000000A,00000000), ref: 12026155
                                                                                                                                                                                                          • ERR_add_error_data.LIBEAY32(00000003,OPENSSL_DIR_read(&ctx, ',?,1204152C,00000002,0000000A,00000000), ref: 12026167
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000D7,00000002,.\ssl\ssl_cert.c,00000410,00000003,OPENSSL_DIR_read(&ctx, ',?,1204152C,00000002,0000000A,00000000), ref: 1202617F
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000D7,0000010E,.\ssl\ssl_cert.c,000003FF), ref: 1202619F
                                                                                                                                                                                                          • OPENSSL_DIR_end.LIBEAY32 ref: 120261C0
                                                                                                                                                                                                          • CRYPTO_lock.LIBEAY32(0000000A,00000018,.\ssl\ssl_cert.c,00000419), ref: 120261D6
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$O_lockR_read$ErrorL_add_file_cert_subjects_to_stackLastO_snprintfR_add_error_dataR_end
                                                                                                                                                                                                          • String ID: %s/%s$.\ssl\ssl_cert.c$OPENSSL_DIR_read(&ctx, '
                                                                                                                                                                                                          • API String ID: 2099322235-4005729725
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 120132E0: BIO_read.LIBEAY32(?,?,?,00000000,?,?,12011F04,?,5F9859FB), ref: 12013308
                                                                                                                                                                                                            • Part of subcall function 120132E0: BIO_read.LIBEAY32(?,?,?), ref: 12013347
                                                                                                                                                                                                          • SSLv3_client_method.SSLEAY32 ref: 12012B4E
                                                                                                                                                                                                          • TLSv1_client_method.SSLEAY32 ref: 12012B6C
                                                                                                                                                                                                          • TLSv1_1_client_method.SSLEAY32 ref: 12012B8A
                                                                                                                                                                                                          • TLSv1_2_client_method.SSLEAY32 ref: 12012BB0
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\s23_clnt.c,00000307,s->version <= TLS_MAX_VERSION), ref: 12012BD9
                                                                                                                                                                                                          • SSL_connect.SSLEAY32 ref: 12012D01
                                                                                                                                                                                                          • TLSv1_2_client_method.SSLEAY32 ref: 12012D38
                                                                                                                                                                                                          • TLSv1_1_client_method.SSLEAY32 ref: 12012D45
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000077,00000102,.\ssl\s23_clnt.c,000002FF), ref: 12012D7A
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000077,000000FC,.\ssl\s23_clnt.c,0000033B), ref: 12012DB4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_readR_put_errorSv1_1_client_methodSv1_2_client_method$L_connectLv3_client_methodOpenSv1_client_method
                                                                                                                                                                                                          • String ID: .\ssl\s23_clnt.c$s->version <= TLS_MAX_VERSION
                                                                                                                                                                                                          • API String ID: 3050789455-3156374052
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • BUF_MEM_grow_clean.LIBEAY32(?,0000000A), ref: 1202632A
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,0000013E,0000000B,.\ssl\ssl_cert.c,00000465,?,?,?,?,?,00000000), ref: 12026349
                                                                                                                                                                                                          • X509_STORE_CTX_init.LIBEAY32(?,?,00000000,00000000,?,00000000), ref: 1202639E
                                                                                                                                                                                                          • X509_verify_cert.LIBEAY32(?,?,?,?,?,?,00000000), ref: 120263BD
                                                                                                                                                                                                          • ERR_clear_error.LIBEAY32(?,?,?,?,?,?,00000000), ref: 120263C2
                                                                                                                                                                                                          • sk_num.LIBEAY32(?,?,?,?,?,?,?,00000000), ref: 120263CE
                                                                                                                                                                                                          • sk_num.LIBEAY32(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 12026404
                                                                                                                                                                                                          • sk_value.LIBEAY32(?,00000000,?,?,?,?,?,?,?,00000000), ref: 120263E6
                                                                                                                                                                                                            • Part of subcall function 12026200: i2d_X509.LIBEAY32(00000000,00000000,?,00000000,12026443,?,?,00000000,?,?,00000000), ref: 12026213
                                                                                                                                                                                                            • Part of subcall function 12026200: BUF_MEM_grow_clean.LIBEAY32(12026443,00000003,?,00000000,?,?,00000000), ref: 12026229
                                                                                                                                                                                                            • Part of subcall function 12026200: i2d_X509.LIBEAY32(00000000), ref: 12026263
                                                                                                                                                                                                            • Part of subcall function 12026200: ERR_put_error.LIBEAY32(00000014,0000013F,00000007,.\ssl\ssl_cert.c,00000426,?,00000000,?,?,00000000), ref: 12026297
                                                                                                                                                                                                          • X509_STORE_CTX_cleanup.LIBEAY32(?,?,?,?,?,?,?,?,00000000), ref: 12026415
                                                                                                                                                                                                          • sk_num.LIBEAY32(?,?,00000000), ref: 12026420
                                                                                                                                                                                                          • sk_value.LIBEAY32(?,00000000,?,?,00000000), ref: 12026432
                                                                                                                                                                                                          • sk_num.LIBEAY32(?,?,?,?,?,?,00000000), ref: 12026450
                                                                                                                                                                                                          • X509_STORE_CTX_cleanup.LIBEAY32(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 12026471
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: sk_num$X509_$M_grow_cleanR_put_errorX509X_cleanupi2d_sk_value$R_clear_errorX509_verify_certX_init
                                                                                                                                                                                                          • String ID: .\ssl\ssl_cert.c
                                                                                                                                                                                                          • API String ID: 3599936654-3404700246
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • X509_get_pubkey.LIBEAY32(?,?,?,1202C6C2,00000000), ref: 1202BAC7
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000BF,0000010C,.\ssl\ssl_rsa.c,0000018F,00000000), ref: 1202BAEB
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000BF,000000F7,.\ssl\ssl_rsa.c,00000195,?,?,00000000), ref: 1202BB1C
                                                                                                                                                                                                          • EVP_PKEY_free.LIBEAY32(00000000,00000014,000000BF,000000F7,.\ssl\ssl_rsa.c,00000195,?,?,00000000), ref: 1202BB22
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$X509_get_pubkeyY_free
                                                                                                                                                                                                          • String ID: .\ssl\ssl_rsa.c
                                                                                                                                                                                                          • API String ID: 254201522-614043423
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • X509_chain_check_suiteb.LIBEAY32(00000000,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 120174E0
                                                                                                                                                                                                          • sk_num.LIBEAY32(?,?,?,?,?,?,?,?,000000FF), ref: 120175D7
                                                                                                                                                                                                          • sk_value.LIBEAY32(?,00000000), ref: 120175E9
                                                                                                                                                                                                          • sk_num.LIBEAY32(?), ref: 120175FF
                                                                                                                                                                                                            • Part of subcall function 12013E80: X509_get_pubkey.LIBEAY32(?,?,?,12017645,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 12013E95
                                                                                                                                                                                                          • sk_num.LIBEAY32(?,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 120176C1
                                                                                                                                                                                                          • sk_num.LIBEAY32(?), ref: 1201770F
                                                                                                                                                                                                          • sk_value.LIBEAY32(?,00000000), ref: 12017722
                                                                                                                                                                                                          • sk_num.LIBEAY32(?), ref: 1201773A
                                                                                                                                                                                                          • sk_num.LIBEAY32(?,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 12017765
                                                                                                                                                                                                          • sk_value.LIBEAY32(?,00000000), ref: 12017777
                                                                                                                                                                                                          • sk_num.LIBEAY32(?), ref: 1201778E
                                                                                                                                                                                                          • X509_certificate_type.LIBEAY32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 120177DD
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: sk_num$sk_value$X509_certificate_typeX509_chain_check_suitebX509_get_pubkey
                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                          • API String ID: 682326728-2766056989
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(?,.\ssl\t1_enc.c,000004C3), ref: 1201A39F
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(?,.\ssl\t1_enc.c,000004D1), ref: 1201A3DB
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,0000013A,00000041,.\ssl\t1_enc.c,0000050D), ref: 1201A3FC
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(00000000), ref: 1201A5DB
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(00000000), ref: 1201A5E8
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freeO_malloc$R_put_error
                                                                                                                                                                                                          • String ID: .\ssl\t1_enc.c$client finished$key expansion$master secret$server finished
                                                                                                                                                                                                          • API String ID: 3736327811-3288890549
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • pqueue_pop.LIBEAY32(?), ref: 1201C8DB
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 1201C8FB
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 1201C907
                                                                                                                                                                                                          • pqueue_free.LIBEAY32(00000000,?), ref: 1201C90D
                                                                                                                                                                                                          • pqueue_pop.LIBEAY32(?,00000000,?), ref: 1201C91C
                                                                                                                                                                                                          • pqueue_pop.LIBEAY32(?), ref: 1201C934
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 1201C94D
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 1201C959
                                                                                                                                                                                                          • pqueue_free.LIBEAY32(00000000,?), ref: 1201C95F
                                                                                                                                                                                                          • pqueue_pop.LIBEAY32(?,00000000,?), ref: 1201C96E
                                                                                                                                                                                                          • pqueue_pop.LIBEAY32(?), ref: 1201C986
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 1201C99F
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 1201C9AB
                                                                                                                                                                                                          • pqueue_free.LIBEAY32(00000000,?), ref: 1201C9B1
                                                                                                                                                                                                          • pqueue_pop.LIBEAY32(?,00000000,?), ref: 1201C9C0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freepqueue_pop$pqueue_free
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2595648820-0
                                                                                                                                                                                                          • Opcode ID: 790fc77eb44bf5a8f960dae9b4526b68ed6fc7df742bd9536694abecf20a3a75
                                                                                                                                                                                                          • Instruction ID: d00becd74a0f39f822423fd742fd9820cc5ee27e668966a69db936cb27737f50
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 790fc77eb44bf5a8f960dae9b4526b68ed6fc7df742bd9536694abecf20a3a75
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C31B47BA006115BC262D760C888FAFB3E46F09310B094B28EC595F714E738F952E7E2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\s3_pkt.c,0000028A,s->s3->wnum <= INT_MAX), ref: 1200FA96
                                                                                                                                                                                                          • SSL_state.SSLEAY32(?), ref: 1200FAB6
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,0000009E,000000E5,.\ssl\s3_pkt.c,00000293,?,000021D1), ref: 1200FAF4
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(?), ref: 1200FC48
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(?,?,000021D1), ref: 1200FC5B
                                                                                                                                                                                                          • EVP_CIPHER_CTX_flags.LIBEAY32(?), ref: 1200FD67
                                                                                                                                                                                                          • X509_get_issuer_name.LIBEAY32(?,?,000021D1), ref: 1200FD80
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000068,0000008D,.\ssl\s3_pkt.c,000003F8,?,000021D1), ref: 1200FDCE
                                                                                                                                                                                                          • EVP_MD_size.LIBEAY32(00000000,?,?,000021D1), ref: 1200FC61
                                                                                                                                                                                                            • Part of subcall function 1200E210: SetLastError.KERNEL32(00000000,80000000), ref: 1200E262
                                                                                                                                                                                                            • Part of subcall function 1200E210: BIO_write.LIBEAY32(?,?,?), ref: 1200E287
                                                                                                                                                                                                            • Part of subcall function 1200E210: ERR_put_error.LIBEAY32(00000014,0000009F,00000080,.\ssl\s3_pkt.c,0000045B), ref: 1200E2A7
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,0000009E,0000010F,.\ssl\s3_pkt.c,000002A2,?,000021D1), ref: 1200FF84
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$X509_Y_get_object$D_sizeErrorL_stateLastO_writeOpenX509_get_issuer_nameX_flags
                                                                                                                                                                                                          • String ID: .\ssl\s3_pkt.c$s->s3->wnum <= INT_MAX
                                                                                                                                                                                                          • API String ID: 663342747-654347666
                                                                                                                                                                                                          • Opcode ID: edc1860676de84eeddedb09026c4481be7b8d48a7b72efaaacb70dc3947df475
                                                                                                                                                                                                          • Instruction ID: 04372e43f71802c1bf35446a703f16f1882f6a40b0e8459c1562bce7bac1fccd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: edc1860676de84eeddedb09026c4481be7b8d48a7b72efaaacb70dc3947df475
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DCF102766047429FF301CF28C888BA6B7E1BF84358F04472DE88987391DB75E945EB96
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(?), ref: 1201A0B8
                                                                                                                                                                                                          • EVP_MD_size.LIBEAY32(00000000,?), ref: 1201A0BE
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\t1_enc.c,00000405,t >= 0), ref: 1201A0DB
                                                                                                                                                                                                          • EVP_MD_CTX_copy.LIBEAY32(?,?), ref: 1201A0F8
                                                                                                                                                                                                            • Part of subcall function 12011220: OpenSSLDie.LIBEAY32(.\ssl\s3_cbc.c,000001C7,data_plus_mac_plus_padding_size < 1024 * 1024,?,?,?,?), ref: 120112B5
                                                                                                                                                                                                            • Part of subcall function 12011220: X509_NAME_ENTRY_get_object.LIBEAY32(?,?,?,?,?), ref: 120112BE
                                                                                                                                                                                                            • Part of subcall function 12011220: pqueue_peek.LIBEAY32(00000000,?,?,?,?,?), ref: 120112C4
                                                                                                                                                                                                            • Part of subcall function 12011220: SHA_Init.LIBEAY32(?,?,?), ref: 120112F3
                                                                                                                                                                                                          • EVP_CIPHER_CTX_flags.LIBEAY32(?), ref: 1201A1DA
                                                                                                                                                                                                          • EVP_MD_CTX_cleanup.LIBEAY32(?), ref: 1201A23B
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,0000000D), ref: 1201A261
                                                                                                                                                                                                          • EVP_DigestUpdate.LIBEAY32(?,?,?), ref: 1201A276
                                                                                                                                                                                                          • EVP_DigestSignFinal.LIBEAY32(?,?,?), ref: 1201A28D
                                                                                                                                                                                                          • EVP_MD_CTX_cleanup.LIBEAY32(?), ref: 1201A2A5
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Digest$OpenUpdateX509_X_cleanupY_get_object$D_sizeFinalInitSignX_copyX_flagspqueue_peek
                                                                                                                                                                                                          • String ID: .\ssl\t1_enc.c$t >= 0
                                                                                                                                                                                                          • API String ID: 4021478592-2679512843
                                                                                                                                                                                                          • Opcode ID: 11bafd55420687f7702203f5e037bc5d373e010c1f83e398a2ed20eb327d7248
                                                                                                                                                                                                          • Instruction ID: 41ac478e9e7dd49ebdebf94eb5c2b7339a435ad9f63613f03b892dcabffd9d71
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11bafd55420687f7702203f5e037bc5d373e010c1f83e398a2ed20eb327d7248
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F817CB66083819FC305CF68C880BABB7F5BF99304F144A2DF9958B241E735E948DB52
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?,?,?,?,12016298,12006201,12006201,?,FFFFFFFF,?,12006201,?,?,?), ref: 1201592E
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 12015A7B
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(12006201,.\ssl\t1_lib.c,00000AB2), ref: 12015A8E
                                                                                                                                                                                                          • SSL_ctrl.SSLEAY32(?,00000020,00000000,00000000), ref: 12015B08
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?,?,12006201,?,?,?), ref: 12015BEB
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(?,.\ssl\t1_lib.c,00000B1E,?,?,12006201,?,?,?), ref: 12015C00
                                                                                                                                                                                                          • BUF_strdup.LIBEAY32(?), ref: 12015DEF
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000141,00000152,.\ssl\t1_lib.c,00000B9B), ref: 12015F12
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free$O_malloc$F_strdupL_ctrlR_put_error
                                                                                                                                                                                                          • String ID: .\ssl\t1_lib.c
                                                                                                                                                                                                          • API String ID: 1794571826-2047370388
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SSL_get_wbio.SSLEAY32(?,00000031,00000000,00000000), ref: 1201FBE3
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(00000000), ref: 1201FBEC
                                                                                                                                                                                                          • SSL_get_wbio.SSLEAY32(?,00000031,00000000,00000000), ref: 1201FC1B
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(00000000), ref: 1201FC24
                                                                                                                                                                                                          • SSL_ctrl.SSLEAY32(?,00000020,00000000,00000000), ref: 1201FC49
                                                                                                                                                                                                          • SSL_get_wbio.SSLEAY32(?,00000028,00000000,00000000), ref: 1201FC63
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(00000000,00000000), ref: 1201FC6C
                                                                                                                                                                                                          • SSL_get_wbio.SSLEAY32(?,00000031,00000000,00000000), ref: 1201FC84
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(00000000,00000000), ref: 1201FC8D
                                                                                                                                                                                                          • SSL_get_wbio.SSLEAY32(?,00000031,00000000,00000000), ref: 1201FCAE
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(00000000,00000000), ref: 1201FCB7
                                                                                                                                                                                                          • SSL_get_wbio.SSLEAY32(?,0000002A,?,00000000), ref: 1201FCDE
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(00000000,00000000), ref: 1201FCE7
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_get_wbioO_ctrl$L_ctrl
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1073945668-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000101,00000092,.\ssl\d1_pkt.c,00000260), ref: 1201DB05
                                                                                                                                                                                                            • Part of subcall function 1200E440: SSL_CTX_remove_session.SSLEAY32(?,?), ref: 1200E48A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_errorX_remove_session
                                                                                                                                                                                                          • String ID: .\ssl\d1_pkt.c$@$mac_size <= EVP_MAX_MD_SIZE
                                                                                                                                                                                                          • API String ID: 456774654-2169613476
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SSL_SESSION_new.SSLEAY32(?,?,00000008,1200134B,?,00000001), ref: 120278C2
                                                                                                                                                                                                            • Part of subcall function 12026DE0: CRYPTO_malloc.LIBEAY32(000000F4,.\ssl\ssl_sess.c,000000C4), ref: 12026DF1
                                                                                                                                                                                                            • Part of subcall function 12026DE0: ERR_put_error.LIBEAY32(00000014,000000BD,00000041,.\ssl\ssl_sess.c,000000C6), ref: 12026E14
                                                                                                                                                                                                          • SSL_get_default_timeout.SSLEAY32(?,?,?,?,00000008,1200134B,?,00000001), ref: 120278E9
                                                                                                                                                                                                          • SSL_SESSION_free.SSLEAY32(?,?,?,?,00000008,1200134B,?,00000001), ref: 12027902
                                                                                                                                                                                                          • BUF_strdup.LIBEAY32(?), ref: 12027A62
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000B5,00000044,.\ssl\ssl_sess.c,00000215,?,?,?,00000008,1200134B,?,00000001), ref: 12027ABE
                                                                                                                                                                                                          • SSL_SESSION_free.SSLEAY32(00000000,00000014,000000B5,00000044,.\ssl\ssl_sess.c,00000215,?,?,?,00000008,1200134B,?,00000001), ref: 12027AC4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: N_freeR_put_error$F_strdupL_get_default_timeoutN_newO_malloc
                                                                                                                                                                                                          • String ID: .\ssl\ssl_sess.c
                                                                                                                                                                                                          • API String ID: 4023725585-1959455021
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SRP_Verify_A_mod_N.LIBEAY32(?,?,?,?), ref: 120312CC
                                                                                                                                                                                                          • SRP_Calc_u.LIBEAY32(?,?,?), ref: 120312F1
                                                                                                                                                                                                          • SRP_Calc_server_key.LIBEAY32(?,?,?,?,?), ref: 12031326
                                                                                                                                                                                                          • BN_num_bits.LIBEAY32(00000000), ref: 12031337
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(-00000007,.\ssl\tls_srp.c,00000162,00000000), ref: 12031355
                                                                                                                                                                                                          • BN_bn2bin.LIBEAY32(00000000,00000000), ref: 12031365
                                                                                                                                                                                                          • OPENSSL_cleanse.LIBEAY32(00000000,-00000007), ref: 12031383
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(00000000,00000000,-00000007), ref: 12031389
                                                                                                                                                                                                          • BN_clear_free.LIBEAY32(00000000), ref: 12031394
                                                                                                                                                                                                          • BN_clear_free.LIBEAY32(?,00000000), ref: 1203139E
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: N_clear_free$A_mod_Calc_server_keyCalc_uL_cleanseN_bn2binN_num_bitsO_freeO_mallocVerify_
                                                                                                                                                                                                          • String ID: .\ssl\tls_srp.c
                                                                                                                                                                                                          • API String ID: 795914763-3972901604
                                                                                                                                                                                                          • Opcode ID: f31755bc897bc5bbb8c039697513192e8eb3686eb2e13fbaf54f9142657c176e
                                                                                                                                                                                                          • Instruction ID: f3e9653059a6a9f567b2ee636cb0940b33f7050c8412841008beb7f0a115222c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f31755bc897bc5bbb8c039697513192e8eb3686eb2e13fbaf54f9142657c176e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B214BB66007056FD291DB65CC80EBBB3EDEF89751F044A1CB99983241DB71FC4496A2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_lock.LIBEAY32(00000009,0000000C,.\ssl\ssl_cert.c,00000094,00000000,120245F9), ref: 120252E2
                                                                                                                                                                                                          • X509_STORE_CTX_get_ex_new_index.LIBEAY32(00000000,SSL for verify callback,00000000,00000000,00000000), ref: 12025301
                                                                                                                                                                                                          • CRYPTO_lock.LIBEAY32(0000000A,0000000C,.\ssl\ssl_cert.c,0000009B), ref: 12025322
                                                                                                                                                                                                          • CRYPTO_lock.LIBEAY32(00000005,0000000C,.\ssl\ssl_cert.c,000000A1,120245F9), ref: 1202533C
                                                                                                                                                                                                          • CRYPTO_lock.LIBEAY32(00000006,0000000C,.\ssl\ssl_cert.c,000000A4), ref: 1202535C
                                                                                                                                                                                                          • CRYPTO_lock.LIBEAY32(00000009,0000000C,.\ssl\ssl_cert.c,000000A5,00000006,0000000C,.\ssl\ssl_cert.c,000000A4), ref: 1202536F
                                                                                                                                                                                                          • X509_STORE_CTX_get_ex_new_index.LIBEAY32(00000000,SSL for verify callback,00000000,00000000,00000000), ref: 1202538E
                                                                                                                                                                                                          • CRYPTO_lock.LIBEAY32(0000000A,0000000C,.\ssl\ssl_cert.c,000000B1), ref: 120253A9
                                                                                                                                                                                                          • CRYPTO_lock.LIBEAY32(00000006,0000000C,.\ssl\ssl_cert.c,000000B3), ref: 120253C5
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_lock$X509_X_get_ex_new_index
                                                                                                                                                                                                          • String ID: .\ssl\ssl_cert.c$SSL for verify callback
                                                                                                                                                                                                          • API String ID: 3006592226-852846603
                                                                                                                                                                                                          • Opcode ID: b134c0a4e0e8c3845e68c824f1e3b76e21b9e21b9e522b3b68c7bafd5634271d
                                                                                                                                                                                                          • Instruction ID: 34751451cf5c39d25e374d2f3c4faea57711db145cf249c22f34337c3d89160b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b134c0a4e0e8c3845e68c824f1e3b76e21b9e21b9e522b3b68c7bafd5634271d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E2214D36BC4390BBF260E354CD83F96A7A0A744B0AF99D711FF497E1C3E9D1A8512186
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000083,00000183,.\ssl\s3_clnt.c,000002C9), ref: 12005962
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000083,0000010A,.\ssl\s3_clnt.c,000002D0), ref: 12005999
                                                                                                                                                                                                          • DTLSv1_client_method.SSLEAY32 ref: 120059B3
                                                                                                                                                                                                          • DTLSv1_2_client_method.SSLEAY32 ref: 120059CB
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000083,000000B5,.\ssl\s3_clnt.c,00000345), ref: 12005A99
                                                                                                                                                                                                          • SSL_get_ciphers.SSLEAY32(?,?,00000000), ref: 12005B1D
                                                                                                                                                                                                          • sk_num.LIBEAY32(?), ref: 12005B72
                                                                                                                                                                                                          • sk_value.LIBEAY32(?,00000000), ref: 12005B9E
                                                                                                                                                                                                            • Part of subcall function 12014290: SSL_get_ciphers.SSLEAY32(00000000,00000000,?,?,00000000,12005BEB,?,?,?,?), ref: 120142C7
                                                                                                                                                                                                            • Part of subcall function 12014290: sk_num.LIBEAY32(00000000,00000000,00000000,?,?,00000000,12005BEB,?,?,?,?), ref: 120142CF
                                                                                                                                                                                                            • Part of subcall function 12014290: sk_value.LIBEAY32(00000000,00000000,?,?), ref: 120142E2
                                                                                                                                                                                                            • Part of subcall function 12014290: sk_num.LIBEAY32(00000000,?,?,?,?), ref: 120142F8
                                                                                                                                                                                                            • Part of subcall function 1200E440: SSL_CTX_remove_session.SSLEAY32(?,?), ref: 1200E48A
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000083,00000044,.\ssl\s3_clnt.c,00000371,?,00000002,?), ref: 12005C12
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$sk_num$L_get_cipherssk_value$Sv1_2_client_methodSv1_client_methodX_remove_session
                                                                                                                                                                                                          • String ID: .\ssl\s3_clnt.c
                                                                                                                                                                                                          • API String ID: 2006378157-2155475665
                                                                                                                                                                                                          • Opcode ID: 5a1020c648ec1343fc84db3cf48431f7e9d707e81f118758d1a098618aa80dad
                                                                                                                                                                                                          • Instruction ID: 2eadc871bb96ecde0444b4d006ca1363b458cf2ad4a15c8c484a40f3639f1e2d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a1020c648ec1343fc84db3cf48431f7e9d707e81f118758d1a098618aa80dad
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19A10076600345AFF711CF14EC85FEA3BE4BF44354F048268EE494B282E275E589DBA1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\d1_pkt.c,00000637,len <= SSL3_RT_MAX_PLAIN_LENGTH,?,-00000013,1201FB4B,?,00000018,00000000,00000025), ref: 1201DB97
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\d1_pkt.c,0000064D,120404F4), ref: 1201DBC5
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(?,?,00000000), ref: 1201DC27
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(?,00000025), ref: 1201DC44
                                                                                                                                                                                                          • EVP_MD_size.LIBEAY32(00000000,?,00000025), ref: 1201DC4A
                                                                                                                                                                                                          • EVP_CIPHER_CTX_flags.LIBEAY32(?,?,00000000), ref: 1201DCA2
                                                                                                                                                                                                          • X509_get_issuer_name.LIBEAY32(?,00000025), ref: 1201DCBB
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000F5,0000008D,.\ssl\d1_pkt.c,000006C2,00000025), ref: 1201DD21
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: OpenX509_Y_get_object$D_sizeR_put_errorX509_get_issuer_nameX_flags
                                                                                                                                                                                                          • String ID: .\ssl\d1_pkt.c$len <= SSL3_RT_MAX_PLAIN_LENGTH
                                                                                                                                                                                                          • API String ID: 2157370477-491979900
                                                                                                                                                                                                          • Opcode ID: 7e21ae19fff7ebd7dbc819c93a1837a015e188e66201e882a528fbbbc02a7880
                                                                                                                                                                                                          • Instruction ID: ccbfbaa348a1e4b1a5b70948cd8e8e589592ee91add2e0a81272f2b944297e83
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e21ae19fff7ebd7dbc819c93a1837a015e188e66201e882a528fbbbc02a7880
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8191DEB26047429FD315DF28C880BE6F7E0BF89314F144B69E99A8B391D770E944DBA1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SSL_CTX_ctrl.SSLEAY32(?,0000005E,?,00000000), ref: 1202F2AF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: X_ctrl
                                                                                                                                                                                                          • String ID: auto$automatic
                                                                                                                                                                                                          • API String ID: 3359300933-1510859630
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _write_multi_char$_write_string$__cftof
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3900997005-0

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _write_multi_char$_write_string$__cftof
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3900997005-0

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • BIO_clear_flags.LIBEAY32(?,0000000F), ref: 1202FB81
                                                                                                                                                                                                          • SSL_read.SSLEAY32(?,?,?,?,0000000F), ref: 1202FB8D
                                                                                                                                                                                                          • SSL_get_error.SSLEAY32(?,00000000,?,?,?,?,0000000F), ref: 1202FB96
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_get_errorL_readO_clear_flags
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 138930502-0

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\d1_pkt.c,0000064D,120404F4), ref: 1201D432
                                                                                                                                                                                                            • Part of subcall function 1200E210: SetLastError.KERNEL32(00000000,80000000), ref: 1200E262
                                                                                                                                                                                                            • Part of subcall function 1200E210: BIO_write.LIBEAY32(?,?,?), ref: 1200E287
                                                                                                                                                                                                            • Part of subcall function 1200E210: ERR_put_error.LIBEAY32(00000014,0000009F,00000080,.\ssl\s3_pkt.c,0000045B), ref: 1200E2A7
                                                                                                                                                                                                          • X509_NAME_ENTRY_get_object.LIBEAY32(?), ref: 1201D484
                                                                                                                                                                                                          • EVP_CIPHER_CTX_flags.LIBEAY32(?), ref: 1201D4FC
                                                                                                                                                                                                          • X509_get_issuer_name.LIBEAY32(?), ref: 1201D519
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000F5,0000008D,.\ssl\d1_pkt.c,000006C2), ref: 1201D57F
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,0000000B,00000000,00000000), ref: 1201D74C
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$ErrorLastO_ctrlO_writeOpenX509_X509_get_issuer_nameX_flagsY_get_object
                                                                                                                                                                                                          • String ID: .\ssl\d1_pkt.c
                                                                                                                                                                                                          • API String ID: 690001995-285292661

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • pqueue_find.LIBEAY32(?,?), ref: 1201F0DF
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\d1_both.c,00000301,((long)msg_hdr->msg_len) > 0), ref: 1201F224
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 1201F25E
                                                                                                                                                                                                          • pitem_new.LIBEAY32(?,?), ref: 1201F27E
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freeOpenpitem_newpqueue_find
                                                                                                                                                                                                          • String ID: ((long)msg_hdr->msg_len) > 0$.\ssl\d1_both.c$item != NULL
                                                                                                                                                                                                          • API String ID: 4078150540-2643215950
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,0000011B,00000041,.\ssl\s3_clnt.c,00000926), ref: 120069B3
                                                                                                                                                                                                          • SSL_SESSION_free.SSLEAY32(?), ref: 120069DE
                                                                                                                                                                                                            • Part of subcall function 12026F30: CRYPTO_add_lock.LIBEAY32(?,000000FF,0000000E,.\ssl\ssl_sess.c,0000035A,?,1202714B,?,?,?,120217F7,?,00000000,?), ref: 12026F52
                                                                                                                                                                                                            • Part of subcall function 12026F30: CRYPTO_free_ex_data.LIBEAY32(00000003,?,?), ref: 12026F6C
                                                                                                                                                                                                            • Part of subcall function 12026F30: OPENSSL_cleanse.LIBEAY32(?,00000008,00000003,?,?), ref: 12026F77
                                                                                                                                                                                                            • Part of subcall function 12026F30: OPENSSL_cleanse.LIBEAY32(?,00000030,?,00000008,00000003,?,?), ref: 12026F82
                                                                                                                                                                                                            • Part of subcall function 12026F30: OPENSSL_cleanse.LIBEAY32(?,00000020,?,00000030,?,00000008,00000003,?,?), ref: 12026F8D
                                                                                                                                                                                                            • Part of subcall function 12026F30: X509_free.LIBEAY32(?), ref: 12026FB3
                                                                                                                                                                                                            • Part of subcall function 12026F30: sk_free.LIBEAY32(?), ref: 12026FC6
                                                                                                                                                                                                            • Part of subcall function 12026F30: CRYPTO_free.LIBEAY32(?), ref: 12026FD9
                                                                                                                                                                                                            • Part of subcall function 12026F30: CRYPTO_free.LIBEAY32(?), ref: 12026FEC
                                                                                                                                                                                                            • Part of subcall function 12026F30: CRYPTO_free.LIBEAY32(?), ref: 12027009
                                                                                                                                                                                                            • Part of subcall function 12026F30: CRYPTO_free.LIBEAY32(?), ref: 12027026
                                                                                                                                                                                                            • Part of subcall function 12026F30: CRYPTO_free.LIBEAY32(?), ref: 12027039
                                                                                                                                                                                                            • Part of subcall function 12026F30: CRYPTO_free.LIBEAY32(?), ref: 1202704C
                                                                                                                                                                                                            • Part of subcall function 12026F30: CRYPTO_free.LIBEAY32(?), ref: 1202705F
                                                                                                                                                                                                            • Part of subcall function 12026F30: OPENSSL_cleanse.LIBEAY32(?,000000F4), ref: 1202706D
                                                                                                                                                                                                            • Part of subcall function 12026F30: CRYPTO_free.LIBEAY32(?,?,000000F4), ref: 12027073
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 12006A01
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(?,.\ssl\s3_clnt.c,00000932), ref: 12006A24
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,0000011B,00000041,.\ssl\s3_clnt.c,00000934), ref: 12006A5B
                                                                                                                                                                                                          • EVP_sha256.LIBEAY32(00000000), ref: 12006A9E
                                                                                                                                                                                                          • EVP_Digest.LIBEAY32(?,?,?,?,00000000,00000000), ref: 12006AAE
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free$L_cleanse$R_put_error$DigestN_freeO_add_lockO_free_ex_dataO_mallocP_sha256X509_freesk_free
                                                                                                                                                                                                          • String ID: .\ssl\s3_clnt.c
                                                                                                                                                                                                          • API String ID: 2478572562-2155475665
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\t1_reneg.c,000000F0,!expected_len || s->s3->previous_client_finished_len), ref: 120308F6
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\t1_reneg.c,000000F1,!expected_len || s->s3->previous_server_finished_len), ref: 12030919
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,0000012D,00000150,.\ssl\t1_reneg.c,000000F6,?,12006201,12015D09,?,?,00000000,?), ref: 12030940
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,0000012D,00000150,.\ssl\t1_reneg.c,00000100,?,?,12006201,12015D09,?,?,00000000,?), ref: 1203097D
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,0000012D,00000151,.\ssl\t1_reneg.c,00000110,?,?,12006201,12015D09,?,?,00000000,?), ref: 12030A05
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,0000012D,00000151,.\ssl\t1_reneg.c,00000119,?,?,12006201,12015D09,?,?,00000000,?), ref: 12030A8E
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$Open
                                                                                                                                                                                                          • String ID: !expected_len || s->s3->previous_client_finished_len$!expected_len || s->s3->previous_server_finished_len$.\ssl\t1_reneg.c
                                                                                                                                                                                                          • API String ID: 3578803784-3367045297
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000B1,00000043,.\ssl\ssl_rsa.c,0000020A), ref: 1202BBFC
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000B1,00000041,.\ssl\ssl_rsa.c,0000020E), ref: 1202BC33
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: .\ssl\ssl_rsa.c
                                                                                                                                                                                                          • API String ID: 1767461275-614043423
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000CC,00000043,.\ssl\ssl_rsa.c,00000096), ref: 1202C89C
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000CC,00000041,.\ssl\ssl_rsa.c,0000009A), ref: 1202C8D3
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: .\ssl\ssl_rsa.c
                                                                                                                                                                                                          • API String ID: 1767461275-614043423
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • BIO_f_buffer.LIBEAY32(00000000,?,12005532,?,00000001), ref: 1202386D
                                                                                                                                                                                                          • BIO_new.LIBEAY32(00000000,00000000,?,12005532,?,00000001), ref: 12023873
                                                                                                                                                                                                          • BIO_pop.LIBEAY32(?,00000000,?,12005532,?,00000001), ref: 1202388E
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,00000001,00000000,00000000,00000000,?,12005532,?,00000001), ref: 120238A0
                                                                                                                                                                                                          • BIO_int_ctrl.LIBEAY32(?,00000075,00000001,00000000,?,00000001,00000000,00000000,00000000,?,12005532,?,00000001), ref: 120238AC
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000B8,00000007,.\ssl\ssl_lib.c,00000C29), ref: 120238CB
                                                                                                                                                                                                          • BIO_push.LIBEAY32(?,?,?,?,?,?,?,?,00000001), ref: 120238E8
                                                                                                                                                                                                          • BIO_pop.LIBEAY32(?,?,?,?,?,?,?,00000001), ref: 12023901
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_pop$O_ctrlO_f_bufferO_int_ctrlO_newO_pushR_put_error
                                                                                                                                                                                                          • String ID: .\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 156715244-3333140318
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000A4,000000BC,.\ssl\ssl_lib.c,000000C2), ref: 12024103
                                                                                                                                                                                                          • SSL_SESSION_free.SSLEAY32(?), ref: 12024124
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000A4,00000044,.\ssl\ssl_lib.c,000000DC), ref: 12024159
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$N_free
                                                                                                                                                                                                          • String ID: .\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 483722116-3333140318
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 1200CEC0: OPENSSL_cleanse.LIBEAY32(00000000,?), ref: 1200CEDF
                                                                                                                                                                                                            • Part of subcall function 1200CEC0: CRYPTO_free.LIBEAY32(00000000,00000000,?), ref: 1200CEEE
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 1200A8F8
                                                                                                                                                                                                          • DH_free.LIBEAY32(?), ref: 1200A90E
                                                                                                                                                                                                          • EC_KEY_free.LIBEAY32(?), ref: 1200A924
                                                                                                                                                                                                          • sk_pop_free.LIBEAY32(?,Function_00031B44), ref: 1200A93F
                                                                                                                                                                                                          • BIO_free.LIBEAY32(?), ref: 1200A955
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 1200A980
                                                                                                                                                                                                          • SSL_SRP_CTX_free.SSLEAY32(?), ref: 1200A989
                                                                                                                                                                                                          • OPENSSL_cleanse.LIBEAY32(?,0000042C,?), ref: 1200A997
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?,?,0000042C,?), ref: 1200A9A0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free$L_cleanse$H_freeX_freeY_freesk_pop_free
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 981315686-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?,?,?,12022C2E,?), ref: 12030AD8
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?,?,?,12022C2E,?), ref: 12030AE4
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?,?,?,?,12022C2E,?), ref: 12030AF0
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?,?,?,?,?,12022C2E,?), ref: 12030AFC
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?,?,?,?,?,?,12022C2E,?), ref: 12030B08
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?,?,?,?,?,?,?,12022C2E,?), ref: 12030B14
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?,?,?,?,?,?,?,?,12022C2E,?), ref: 12030B20
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?,?,?,?,?,?,?,?,?,12022C2E,?), ref: 12030B2C
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?,?,?,?,?,?,?,?,?,?,12022C2E,?), ref: 12030B38
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: N_free$O_free
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3506937590-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 12030BC8
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?), ref: 12030BD4
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?,?), ref: 12030BE0
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?,?,?), ref: 12030BEC
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?,?,?,?), ref: 12030BF8
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?,?,?,?,?), ref: 12030C04
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?,?,?,?,?,?), ref: 12030C10
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?,?,?,?,?,?,?), ref: 12030C1C
                                                                                                                                                                                                          • BN_free.LIBEAY32(?,?,?,?,?,?,?,?,?), ref: 12030C28
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: N_free$O_free
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3506937590-0
                                                                                                                                                                                                          • Opcode ID: bb792955a2e71d4c8a960a2001c1a1886a56036fc43e0ac9206971f1962b806a
                                                                                                                                                                                                          • Instruction ID: 0e8b8a05211f088a2fdcbd12b4de97b44e87765bc59ad18dc229f3d1a7bb5a01
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bb792955a2e71d4c8a960a2001c1a1886a56036fc43e0ac9206971f1962b806a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D521C3B6A01B00AFD6A1DF7AD490AD7F7F8AF99301F014A1EE1AA87210D7B0B441DB50
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SSL_state.SSLEAY32(?), ref: 1201FABD
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(00000025,.\ssl\d1_both.c,0000061D), ref: 1201FAE7
                                                                                                                                                                                                          • RAND_bytes.LIBEAY32(-00000003,00000010), ref: 1201FB22
                                                                                                                                                                                                          • RAND_bytes.LIBEAY32(-00000013,00000010), ref: 1201FB34
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(00000000), ref: 1201FB84
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000131,0000016D,.\ssl\d1_both.c,000005FD,?,?,1200B7F2), ref: 1201FBB9
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: D_bytes$L_stateO_freeO_mallocR_put_error
                                                                                                                                                                                                          • String ID: .\ssl\d1_both.c
                                                                                                                                                                                                          • API String ID: 1882168250-2895748750
                                                                                                                                                                                                          • Opcode ID: b3e9c83dd6bf5a8bcf2cba0b5532b7bb0e8861ce25808b85215a2c2fb836f3b9
                                                                                                                                                                                                          • Instruction ID: c846f416a95fbcefb0a60c099af187c5515bf32d1e5baa5f28ff6afe9908f401
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3e9c83dd6bf5a8bcf2cba0b5532b7bb0e8861ce25808b85215a2c2fb836f3b9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9313F737803457BF701CA149C86FE7B3A85F61718F048318FD482D6C2E6E6E551A3A2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • sk_new_null.LIBEAY32(?,?,12020B43,?), ref: 12020A4E
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000135,0000016A,.\ssl\d1_srtp.c,000000B0,?,?,12020B43,?), ref: 12020A6F
                                                                                                                                                                                                          • sk_find.LIBEAY32(00000000,?), ref: 12020AC3
                                                                                                                                                                                                          • sk_push.LIBEAY32(00000000,?), ref: 12020AD1
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000135,0000016C,.\ssl\d1_srtp.c,000000C3), ref: 12020B17
                                                                                                                                                                                                          • sk_free.LIBEAY32(00000000,00000014,00000135,0000016C,.\ssl\d1_srtp.c,000000C3), ref: 12020B1D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$sk_findsk_freesk_new_nullsk_push
                                                                                                                                                                                                          • String ID: .\ssl\d1_srtp.c
                                                                                                                                                                                                          • API String ID: 3835093942-3998674507
                                                                                                                                                                                                          • Opcode ID: 65cfa4ae2d37da82d2c26c498ae10c83c0351ae93012f91bd37884682b0401df
                                                                                                                                                                                                          • Instruction ID: e03f98b6f961837cb85028dd65a442aa926ea7d47740facf8497bb0e4f4698f0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65cfa4ae2d37da82d2c26c498ae10c83c0351ae93012f91bd37884682b0401df
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD2149777403062EE602D6249C01FE7B35B8FA5757F944326FD059B180EA92B504B2A0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000C3,000000F0,.\ssl\ssl_sess.c,00000398), ref: 120270D1
                                                                                                                                                                                                          • SSL_set_ssl_method.SSLEAY32(?,?), ref: 120270E5
                                                                                                                                                                                                          • CRYPTO_add_lock.LIBEAY32(?,00000001,0000000E,.\ssl\ssl_sess.c,000003B0), ref: 12027106
                                                                                                                                                                                                          • SSL_SESSION_free.SSLEAY32(?), ref: 12027119
                                                                                                                                                                                                          • SSL_SESSION_free.SSLEAY32(?,?,?,120217F7,?,00000000,?), ref: 12027146
                                                                                                                                                                                                          • SSL_set_ssl_method.SSLEAY32(?,?,?,?,120217F7,?,00000000,?), ref: 12027167
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_set_ssl_methodN_free$O_add_lockR_put_error
                                                                                                                                                                                                          • String ID: .\ssl\ssl_sess.c
                                                                                                                                                                                                          • API String ID: 926238990-1959455021
                                                                                                                                                                                                          • Opcode ID: 13b90a05fa30128346f77ea159cebb421026cce5398b7c3b0d35bf69a608a6ec
                                                                                                                                                                                                          • Instruction ID: b41a1b157ff8485181a411418ee02592877e137846f6ffabb273f5d8ede4dcb4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13b90a05fa30128346f77ea159cebb421026cce5398b7c3b0d35bf69a608a6ec
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC21D3767407029BE724CB68EC81FE7B3E8AF84304F404A2AF91AD7250E771F541E6A1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _strncmp.LIBCMT ref: 120293F7
                                                                                                                                                                                                          • _strncmp.LIBCMT ref: 12029472
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000E6,00000118,.\ssl\ssl_ciph.c,000004C6,?,00000000,00000001,00000000), ref: 120295F9
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _strncmp$R_put_error
                                                                                                                                                                                                          • String ID: .\ssl\ssl_ciph.c$STRENGTH
                                                                                                                                                                                                          • API String ID: 3709734218-4120156686
                                                                                                                                                                                                          • Opcode ID: f611ac621e4a2b722fb3b8ca74e6bbe0ff448207296dbb0a118b3598bd6a8b54
                                                                                                                                                                                                          • Instruction ID: faa0d62e25e51b70deef53a1e04b230b6d7f7978daef9998432ac387d9f07f4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f611ac621e4a2b722fb3b8ca74e6bbe0ff448207296dbb0a118b3598bd6a8b54
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5B1C476A0834A8FD702CE18C584BEAB7E4AB85388FE0471FF99583290D371D446EB57
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • pqueue_find.LIBEAY32(?,?), ref: 1201F3BA
                                                                                                                                                                                                          • pitem_new.LIBEAY32(?,00000000), ref: 1201F4AC
                                                                                                                                                                                                          • pqueue_insert.LIBEAY32(?,00000000), ref: 1201F4C3
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\d1_both.c,00000377,item != NULL), ref: 1201F4DE
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Openpitem_newpqueue_findpqueue_insert
                                                                                                                                                                                                          • String ID: .\ssl\d1_both.c$item != NULL
                                                                                                                                                                                                          • API String ID: 3897113090-143540491
                                                                                                                                                                                                          • Opcode ID: 74f70250deef5e290fd6e98b0b5b7e8709c5a91f948c159f635755943e67fcee
                                                                                                                                                                                                          • Instruction ID: 8e83d70c1b0ef903ceabb82069215c61898b6b317ecdfa7a9fdbabecca77b1e1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74f70250deef5e290fd6e98b0b5b7e8709c5a91f948c159f635755943e67fcee
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC51C9B26043424BD321DF68D885BABB3E4BF98314F044B2DF5998B241E774E90497A2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 12016920: CRYPTO_free.LIBEAY32(?,00000000,?,?,?,12016AEC,?,?,?,1201873E,?,?,00000000,12001A88,?), ref: 1201694E
                                                                                                                                                                                                            • Part of subcall function 12016920: CRYPTO_malloc.LIBEAY32(00000000,.\ssl\t1_lib.c,00000F0F), ref: 12016A02
                                                                                                                                                                                                          • ERR_set_mark.LIBEAY32(00000000,?), ref: 12016B69
                                                                                                                                                                                                          • EVP_PKEY_get_default_digest_nid.LIBEAY32(00000000,?,00000000,?), ref: 12016B82
                                                                                                                                                                                                          • ERR_pop_to_mark.LIBEAY32 ref: 12016BBB
                                                                                                                                                                                                          • EVP_sha1.LIBEAY32 ref: 12016C31
                                                                                                                                                                                                          • EVP_sha1.LIBEAY32 ref: 12016C3F
                                                                                                                                                                                                          • EVP_sha1.LIBEAY32 ref: 12016C47
                                                                                                                                                                                                          • EVP_sha1.LIBEAY32 ref: 12016C58
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: P_sha1$O_freeO_mallocR_pop_to_markR_set_markY_get_default_digest_nid
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2753321895-0
                                                                                                                                                                                                          • Opcode ID: a1cb41b53f7c2c9bba1d8b0c2d7341734d71a2635f05af167f45a21796708d11
                                                                                                                                                                                                          • Instruction ID: 50858e87df94b2008b88ed6b2990f6570cbf2b21c9abf58c032eed31b0d7a729
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1cb41b53f7c2c9bba1d8b0c2d7341734d71a2635f05af167f45a21796708d11
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9641CF728042428FCB12CF68CCC47EAB7F0FB45315F044A69D8598F256E735E489EB61
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: sk_num$L_get_cipherssk_findsk_value
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1236675727-0
                                                                                                                                                                                                          • Opcode ID: 8dfae41303ffd931adf47a194eb6951b3e1860b3da03fbed65d1562287dc11d3
                                                                                                                                                                                                          • Instruction ID: 18e879d04a86ec9e752da8c4bac651537b7b96c88469db2af200fb58b7640225
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8dfae41303ffd931adf47a194eb6951b3e1860b3da03fbed65d1562287dc11d3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E313AB76043415FD711CFB49D807ABB7D9DF85354F440B7AE88983201E721E805D7A2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\s3_both.c,000000B5,i <= EVP_MAX_MD_SIZE), ref: 120100B6
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Open
                                                                                                                                                                                                          • String ID: .\ssl\s3_both.c$@$@$i <= EVP_MAX_MD_SIZE
                                                                                                                                                                                                          • API String ID: 71445658-1993513779
                                                                                                                                                                                                          • Opcode ID: 40be8a98187cfaed1c2dec77419f86731cc654c6e112e3b66e9c3dddbdf40f5c
                                                                                                                                                                                                          • Instruction ID: 070faa1e71cdd01671983abb4c54f34dd7c094a8b154eddad74149386e534ffe
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40be8a98187cfaed1c2dec77419f86731cc654c6e112e3b66e9c3dddbdf40f5c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5631F5B6201741AFD311EB44CD80EA7B3E5EF88324F04466CE9859B711E678F945DBA1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_lock.LIBEAY32(00000009,0000000C,.\ssl\ssl_sess.c,0000033E,?,?,12027E78,00000001,?), ref: 12027B3B
                                                                                                                                                                                                          • lh_retrieve.LIBEAY32(00000001,?,?,?,?,12027E78,00000001,?), ref: 12027B49
                                                                                                                                                                                                          • lh_delete.LIBEAY32(00000001,?,00000001,?), ref: 12027B61
                                                                                                                                                                                                          • CRYPTO_lock.LIBEAY32(0000000A,0000000C,.\ssl\ssl_sess.c,00000346), ref: 12027B86
                                                                                                                                                                                                          • SSL_SESSION_free.SSLEAY32(00000000), ref: 12027BAB
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_lock$N_freelh_deletelh_retrieve
                                                                                                                                                                                                          • String ID: .\ssl\ssl_sess.c
                                                                                                                                                                                                          • API String ID: 614341428-1959455021
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • sk_new_null.LIBEAY32 ref: 12025BD3
                                                                                                                                                                                                          • sk_num.LIBEAY32(?), ref: 12025BE1
                                                                                                                                                                                                          • sk_value.LIBEAY32(?,00000000), ref: 12025BF2
                                                                                                                                                                                                          • X509_NAME_dup.LIBEAY32(00000000,?,00000000), ref: 12025BF8
                                                                                                                                                                                                          • sk_push.LIBEAY32(00000000,00000000), ref: 12025C06
                                                                                                                                                                                                          • sk_num.LIBEAY32(?), ref: 12025C14
                                                                                                                                                                                                          • sk_pop_free.LIBEAY32(00000000,Function_00031B44), ref: 12025C2C
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: sk_num$E_dupX509_sk_new_nullsk_pop_freesk_pushsk_value
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1341318936-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EVP_md5.LIBEAY32(?,00000000,?,?,120169ED,00000000,?,?), ref: 12016864
                                                                                                                                                                                                          • EVP_sha1.LIBEAY32(?,00000000,?,?,120169ED,00000000,?,?), ref: 1201686B
                                                                                                                                                                                                          • EVP_sha224.LIBEAY32(?,00000000,?,?,120169ED,00000000,?,?), ref: 12016872
                                                                                                                                                                                                          • EVP_sha256.LIBEAY32(?,00000000,?,?,120169ED,00000000,?,?), ref: 12016879
                                                                                                                                                                                                          • EVP_sha384.LIBEAY32(?,00000000,?,?,120169ED,00000000,?,?), ref: 12016880
                                                                                                                                                                                                          • EVP_sha512.LIBEAY32(?,00000000,?,?,120169ED,00000000,?,?), ref: 12016887
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: P_md5P_sha1P_sha224P_sha256P_sha384P_sha512
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 840344691-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SRP_get_default_gN.LIBEAY32(?), ref: 120310A6
                                                                                                                                                                                                          • BN_dup.LIBEAY32(?), ref: 120310BF
                                                                                                                                                                                                          • BN_dup.LIBEAY32(?,?), ref: 120310D2
                                                                                                                                                                                                          • BN_clear_free.LIBEAY32(00000000), ref: 120310ED
                                                                                                                                                                                                          • BN_clear_free.LIBEAY32(?), ref: 1203110C
                                                                                                                                                                                                          • SRP_create_verifier_BN.LIBEAY32(?,?,?,?,?,?), ref: 1203112E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: N_clear_freeN_dup$P_create_verifier_P_get_default_g
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1988882276-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • OBJ_sn2nid.LIBEAY32(00000001), ref: 1201718F
                                                                                                                                                                                                          • OBJ_ln2nid.LIBEAY32(00000001), ref: 1201719C
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: J_ln2nidJ_sn2nid
                                                                                                                                                                                                          • String ID: DSA$ECDSA$RSA
                                                                                                                                                                                                          • API String ID: 1214796006-3559535724
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(?,.\ssl\t1_lib.c,0000109F,?,?,12018A28,?,?,?,?), ref: 1201721A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_malloc
                                                                                                                                                                                                          • String ID: .\ssl\t1_lib.c
                                                                                                                                                                                                          • API String ID: 1457121658-2047370388
Uniqueness

Uniqueness Score: -1.00%

APIs
• sk_num.LIBEAY32(00000000,00000000,?,00000010,12014C42,00000000,00000000,?,00000000), ref: 12020BE0
• ERR_put_error.LIBEAY32(00000014,00000133,00000162,.\ssl\d1_srtp.c,000000FE,00000000), ref: 12020C10
• ERR_put_error.LIBEAY32(00000014,00000133,0000016B,.\ssl\d1_srtp.c,00000104,00000000), ref: 12020C41
• sk_value.LIBEAY32(00000000,00000000,?,00000000), ref: 12020C6A
Strings
Memory Dump Source
• Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
• Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
Similarity
• API ID: R_put_error$sk_numsk_value
• String ID: .\ssl\d1_srtp.c
• API String ID: 2202921107-3998674507
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetLastError.KERNEL32(00000000,80000000), ref: 1200E262
• BIO_write.LIBEAY32(?,?,?), ref: 1200E287
• ERR_put_error.LIBEAY32(00000014,0000009F,00000080,.\ssl\s3_pkt.c,0000045B), ref: 1200E2A7
• ERR_put_error.LIBEAY32(00000014,0000009F,0000007F,.\ssl\s3_pkt.c,0000044F,?,?,1200FEDE,?,?,?,?), ref: 1200E321
Strings
Memory Dump Source
• Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
• Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
Similarity
• API ID: R_put_error$ErrorLastO_write
• String ID: .\ssl\s3_pkt.c
• API String ID: 3621644563-4041216366
Uniqueness

Uniqueness Score: -1.00%

APIs
• i2d_X509.LIBEAY32(00000000,00000000,?,00000000,12026443,?,?,00000000,?,?,00000000), ref: 12026213
• BUF_MEM_grow_clean.LIBEAY32(12026443,00000003,?,00000000,?,?,00000000), ref: 12026229
• i2d_X509.LIBEAY32(00000000), ref: 12026263
• ERR_put_error.LIBEAY32(00000014,0000013F,00000007,.\ssl\ssl_cert.c,00000426,?,00000000,?,?,00000000), ref: 12026297
Strings
Memory Dump Source
• Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
• Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
Similarity
• API ID: X509i2d_$M_grow_cleanR_put_error
• String ID: .\ssl\ssl_cert.c
• API String ID: 1887697227-3404700246
Uniqueness

Uniqueness Score: -1.00%

APIs
• sk_value.LIBEAY32(?,00000000), ref: 120018DE
• sk_num.LIBEAY32(?), ref: 120018FC
• ERR_put_error.LIBEAY32(00000014,0000008A), ref: 12001C51
• sk_free.LIBEAY32(?), ref: 12001C7D
Strings
Memory Dump Source
• Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
• Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
Similarity
• API ID: R_put_errorsk_freesk_numsk_value
• String ID: .\ssl\s3_srvr.c
• API String ID: 1914634297-3445611115
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • d2i_PrivateKey.LIBEAY32(?,00000000,?,?), ref: 1202BA6A
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000CA,0000000D,.\ssl\ssl_rsa.c,00000172), ref: 1202BA8B
                                                                                                                                                                                                          • SSL_use_PrivateKey.SSLEAY32(?,00000000), ref: 1202BA9E
                                                                                                                                                                                                          • EVP_PKEY_free.LIBEAY32(00000000,?,00000000), ref: 1202BAA6
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Private$L_use_R_put_errorY_freed2i_
                                                                                                                                                                                                          • String ID: .\ssl\ssl_rsa.c
                                                                                                                                                                                                          • API String ID: 4174641380-614043423
                                                                                                                                                                                                          • Opcode ID: 963f59e22e231c41e892afa3efb3717879087d97f8a5e5518f13c4b81093686c
                                                                                                                                                                                                          • Instruction ID: bd811f917a35091124bf723c414c4d74f39ba5136141dba9b92ce82eb3137468
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 963f59e22e231c41e892afa3efb3717879087d97f8a5e5518f13c4b81093686c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12F0B47B7443112BD251DB68AC41F9B77E49FC8750F044A2AF64897280E670E80492B2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • sk_num.LIBEAY32(00000000), ref: 12021089
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000AA,000000E6,.\ssl\ssl_lib.c,00000120), ref: 120210B1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_errorsk_num
                                                                                                                                                                                                          • String ID: .\ssl\ssl_lib.c$ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2$SSLv2
                                                                                                                                                                                                          • API String ID: 3777708388-1426024572
                                                                                                                                                                                                          • Opcode ID: b33f13a994c23af215f40f51d64da093bc32f65ce54d5b368c44a26583cfa988
                                                                                                                                                                                                          • Instruction ID: 5f9aba0cc6dc0ccf0b7cc2ba9e92df98e62401109297096251ebed23850bcf79
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b33f13a994c23af215f40f51d64da093bc32f65ce54d5b368c44a26583cfa988
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0F024BFB003406FE6119720CC41FE776A89B44F05F898AB4B405AB692E6A1E800E661
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • d2i_RSAPrivateKey.LIBEAY32(00000000,?,?), ref: 1202CAA5
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000CD,0000000D,.\ssl\ssl_rsa.c,00000124), ref: 1202CAC6
                                                                                                                                                                                                          • SSL_use_RSAPrivateKey.SSLEAY32(?,00000000), ref: 1202CAD9
                                                                                                                                                                                                          • RSA_free.LIBEAY32(00000000,?,00000000), ref: 1202CAE1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Private$A_freeL_use_R_put_errord2i_
                                                                                                                                                                                                          • String ID: .\ssl\ssl_rsa.c
                                                                                                                                                                                                          • API String ID: 692539868-614043423
                                                                                                                                                                                                          • Opcode ID: 3bf76bfc6805fdca54c47b71b311333934c7b5be32cb648a9c48d5bd8caea7e3
                                                                                                                                                                                                          • Instruction ID: b870b7a20d0f409809cf670d6485c751b05cba7c2ff20136306ae7d0f8a26cb2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3bf76bfc6805fdca54c47b71b311333934c7b5be32cb648a9c48d5bd8caea7e3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2EF0EC7BB843103BDA10D7A4AC01FEB77E4CBC4760F064A2AFA049B680E670E81492E1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • d2i_X509.LIBEAY32(00000000,?,?), ref: 1202C82D
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000C7,0000000D,.\ssl\ssl_rsa.c,00000086), ref: 1202C84E
                                                                                                                                                                                                          • SSL_use_certificate.SSLEAY32(?,00000000), ref: 1202C861
                                                                                                                                                                                                          • X509_free.LIBEAY32(00000000,?,00000000), ref: 1202C869
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_use_certificateR_put_errorX509X509_freed2i_
                                                                                                                                                                                                          • String ID: .\ssl\ssl_rsa.c
                                                                                                                                                                                                          • API String ID: 4116471823-614043423
                                                                                                                                                                                                          • Opcode ID: 2ea96d89edaf9b030e5c99593db34667fe5821adce383aa40c018c8b570919ae
                                                                                                                                                                                                          • Instruction ID: 960762392dbc2c74c7e739a1d0a2abe2d0a5d2bdcc5f1fb815f05d9a3f963047
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ea96d89edaf9b030e5c99593db34667fe5821adce383aa40c018c8b570919ae
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83E0E52BB852103AD161D3A4AC06FEB23989BC4B61F064736F64996180E860A80592F1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EVP_PKEY_new.LIBEAY32 ref: 1200BC03
                                                                                                                                                                                                          • EVP_PKEY_set1_RSA.LIBEAY32(00000000,?), ref: 1200BC1E
                                                                                                                                                                                                          • EVP_PKEY_set1_DH.LIBEAY32(00000000,?), ref: 1200BC31
                                                                                                                                                                                                          • EVP_PKEY_set1_EC_KEY.LIBEAY32(00000000,?), ref: 1200BC44
                                                                                                                                                                                                          • EVP_PKEY_free.LIBEAY32(00000000), ref: 1200BC61
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Y_set1_$Y_freeY_new
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4207563837-0
                                                                                                                                                                                                          • Opcode ID: 70e8b369497f6b63574c0135715565832455b3116f7004c202a084db1db959df
                                                                                                                                                                                                          • Instruction ID: 2139fde799712bc2a4ed35e3af9fdc546a24d7be51c1b1ba5f01bddeabc99f0a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70e8b369497f6b63574c0135715565832455b3116f7004c202a084db1db959df
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C911E533600A528BFB22DEA894C0BFFB3E5D794252F460B3ED69593500FB316942B659
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: P_sha1$R_pop_to_mark
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3728491826-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • X509_get_issuer_name.LIBEAY32(?,?,?,120176EF,?), ref: 12017377
                                                                                                                                                                                                          • sk_num.LIBEAY32(?,?,?,?,120176EF,?), ref: 12017381
                                                                                                                                                                                                          • sk_value.LIBEAY32(?,00000000,120176EF,?), ref: 12017392
                                                                                                                                                                                                          • X509_NAME_cmp.LIBEAY32(00000000,00000000,?,00000000,120176EF,?), ref: 12017399
                                                                                                                                                                                                          • sk_num.LIBEAY32(?,?,?,?,?,120176EF,?), ref: 120173A7
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: sk_num$E_cmpX509_X509_get_issuer_namesk_value
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3873463148-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SSL_clear.SSLEAY32(?), ref: 1201C826
                                                                                                                                                                                                            • Part of subcall function 120240E0: ERR_put_error.LIBEAY32(00000014,000000A4,000000BC,.\ssl\ssl_lib.c,000000C2), ref: 12024103
                                                                                                                                                                                                          • SSL_ctrl.SSLEAY32(?,00000020,00002000,00000000,?), ref: 1201C835
                                                                                                                                                                                                          • SSL_accept.SSLEAY32 ref: 1201C848
                                                                                                                                                                                                            • Part of subcall function 12024FA0: SSL_set_accept_state.SSLEAY32(?), ref: 12024FAC
                                                                                                                                                                                                          • SSL_get_rbio.SSLEAY32(?,0000002E,00000000,?), ref: 1201C85E
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(00000000,?), ref: 1201C867
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_acceptL_clearL_ctrlL_get_rbioL_set_accept_stateO_ctrlR_put_error
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3099295746-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000118,0000009D,.\ssl\t1_lib.c,00000CC2), ref: 1201613C
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?,?), ref: 12016190
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freeR_put_error
                                                                                                                                                                                                          • String ID: .\ssl\t1_lib.c$p
                                                                                                                                                                                                          • API String ID: 3735976985-3217429042
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000150,00000043,.\ssl\ssl_rsa.c,00000396), ref: 1202C28F
                                                                                                                                                                                                            • Part of subcall function 1202C170: SSL_CTX_add_server_custom_ext.SSLEAY32(?,?,1202C0F0,00000000,00000000,1202C0D0,00000000,?,?,?,?,1202C272,00000000), ref: 1202C1E5
                                                                                                                                                                                                          • CRYPTO_realloc.LIBEAY32(?,?,.\ssl\ssl_rsa.c,000003A6), ref: 1202C2E5
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000150,00000184,.\ssl\ssl_rsa.c,000003B4), ref: 1202C343
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$O_reallocX_add_server_custom_ext
                                                                                                                                                                                                          • String ID: .\ssl\ssl_rsa.c
                                                                                                                                                                                                          • API String ID: 2635170945-614043423
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000132,00000163,.\ssl\s3_srvr.c,00000E58), ref: 12004BD7
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(?,.\ssl\s3_srvr.c,00000E76), ref: 12004C6F
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000132,00000041,.\ssl\s3_srvr.c,00000E78), ref: 12004C94
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$O_malloc
                                                                                                                                                                                                          • String ID: .\ssl\s3_srvr.c
                                                                                                                                                                                                          • API String ID: 1108683871-3445611115
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(00000000,.\ssl\t1_lib.c,0000028A,?,?,12013C8F,?,?,?), ref: 12013AD4
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?,?,?,?,?), ref: 12013B36
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freeO_malloc
                                                                                                                                                                                                          • String ID: .\ssl\t1_lib.c
                                                                                                                                                                                                          • API String ID: 2609694610-2047370388
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 120272DC
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(?,.\ssl\ssl_sess.c,00000430), ref: 12027301
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000126,00000041,.\ssl\ssl_sess.c,00000432), ref: 12027326
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freeO_mallocR_put_error
                                                                                                                                                                                                          • String ID: .\ssl\ssl_sess.c
                                                                                                                                                                                                          • API String ID: 2160744234-1959455021
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000087,00000092,.\ssl\s3_clnt.c,00000878,?,00000002,00000032), ref: 120098A7
                                                                                                                                                                                                          • X509_NAME_free.LIBEAY32(?), ref: 12009B23
                                                                                                                                                                                                          • sk_pop_free.LIBEAY32(?,Function_00031B44), ref: 12009B39
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: E_freeR_put_errorX509_sk_pop_free
                                                                                                                                                                                                          • String ID: .\ssl\s3_clnt.c
                                                                                                                                                                                                          • API String ID: 2381510960-2155475665
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_lock.LIBEAY32(00000009,0000000C,.\ssl\s3_both.c,00000266,?,12010981,00000001,00000000), ref: 12010821
                                                                                                                                                                                                          • CRYPTO_lock.LIBEAY32(0000000A,0000000C,.\ssl\s3_both.c,00000270,120054FC,?,120054FC,?), ref: 1201086D
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(1200963F,.\ssl\s3_both.c,00000272,?,?,?,?,120054FC,?,120054FC,?), ref: 12010884
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_lock$O_malloc
                                                                                                                                                                                                          • String ID: .\ssl\s3_both.c
                                                                                                                                                                                                          • API String ID: 4201103026-639481419
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_lock.LIBEAY32(00000009,0000000C,.\ssl\s3_both.c,0000027B,?,12010ADC,00000000,00000000,00000000,?,1200FF5C,?), ref: 120108B1
                                                                                                                                                                                                          • CRYPTO_lock.LIBEAY32(0000000A,0000000C,.\ssl\s3_both.c,00000288), ref: 12010909
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(00000000), ref: 12010916
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_lock$O_free
                                                                                                                                                                                                          • String ID: .\ssl\s3_both.c
                                                                                                                                                                                                          • API String ID: 1526627863-639481419
                                                                                                                                                                                                          • Opcode ID: 04c9bb3f1fc993384073ef93ec0182061e742f77659b2f6aeddfd155bfdcaa9c
                                                                                                                                                                                                          • Instruction ID: 4efec02a1448f7149f3a594e8bed9f6f1dc1118761b253bb80769839fc49bb45
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04c9bb3f1fc993384073ef93ec0182061e742f77659b2f6aeddfd155bfdcaa9c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F01B172B84251DBE755CB14C888FA677A2AB40712F0687A8EDC92F292CA30DC40D691
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000A8,000000BE,.\ssl\ssl_lib.c,000003C3), ref: 120218F5
                                                                                                                                                                                                          • X509_check_private_key.LIBEAY32(?,00000000), ref: 1202190F
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000A8,000000B1,.\ssl\ssl_lib.c,000003BE), ref: 1202192E
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$X509_check_private_key
                                                                                                                                                                                                          • String ID: .\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 2185167962-3333140318
                                                                                                                                                                                                          • Opcode ID: 5fd8d3fd17ff02855cdea1295055afd485d655289ee403e6f515bcc8fc0fd4e7
                                                                                                                                                                                                          • Instruction ID: b2a998cc20b070d6a0813a1b8a1e73f7a46db212a9ff844c318f1912d6fb934a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fd8d3fd17ff02855cdea1295055afd485d655289ee403e6f515bcc8fc0fd4e7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CEF0627E7413016FEB41E714CC41F9672E16F45B06F8581B4B509AF2D1DBA0D940F662
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(0000042C,.\ssl\s3_lib.c,00000BCD), ref: 1200A840
                                                                                                                                                                                                          • _memset.LIBCMT ref: 1200A859
                                                                                                                                                                                                          • SSL_SRP_CTX_init.SSLEAY32(?,00000000,00000000,0000042C), ref: 1200A880
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_mallocX_init_memset
                                                                                                                                                                                                          • String ID: .\ssl\s3_lib.c
                                                                                                                                                                                                          • API String ID: 1540161045-3880942756
                                                                                                                                                                                                          • Opcode ID: 0915130969d44ade3d5585e11936ada1da2e75d3408142a69f6fa32276d31749
                                                                                                                                                                                                          • Instruction ID: 4284b7a5adff3512d1d577f23cc0acca0d5ab677643052a13cf1d0cfe4bb30cc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0915130969d44ade3d5585e11936ada1da2e75d3408142a69f6fa32276d31749
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CAF0B472A517105FE3A1DB39DC40FDBBBE49F89720F014529F5489B240D36468818BC5
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 1201DEA0: pqueue_peek.LIBEAY32(?), ref: 1201DEBA
                                                                                                                                                                                                            • Part of subcall function 1201DEA0: pqueue_peek.LIBEAY32(?), ref: 1201DEFE
                                                                                                                                                                                                            • Part of subcall function 1201DEA0: pqueue_pop.LIBEAY32(?), ref: 1201DF1F
                                                                                                                                                                                                            • Part of subcall function 1201DEA0: CRYPTO_free.LIBEAY32(?,00000000), ref: 1201DF39
                                                                                                                                                                                                            • Part of subcall function 1201DEA0: pqueue_free.LIBEAY32(00000000,?,00000000), ref: 1201DF3F
                                                                                                                                                                                                            • Part of subcall function 1201DEA0: pqueue_peek.LIBEAY32(?), ref: 1201DFAD
                                                                                                                                                                                                          • pqueue_pop.LIBEAY32(?), ref: 1201E03C
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?,00000000), ref: 1201E287
                                                                                                                                                                                                          • pqueue_free.LIBEAY32(00000000,?,00000000), ref: 1201E28D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: pqueue_peek$O_freepqueue_freepqueue_pop
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4057555279-0
                                                                                                                                                                                                          • Opcode ID: 10f94f95e3c494465a81251255d24b838a62fd92722eeecb24a3a3c9821e5396
                                                                                                                                                                                                          • Instruction ID: 57eb2a87194a039341d8ea663d74c7a76e25ac00915f4a9a1ed5d98774aa4227
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10f94f95e3c494465a81251255d24b838a62fd92722eeecb24a3a3c9821e5396
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B71B172A00652ABD71ACF15C8947EEB7E5BF45308F048329EC498FA41D338F991EB91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 120101B0: ERR_put_error.LIBEAY32(00000014,0000008C,00000095,.\ssl\s3_both.c,00000111), ref: 12010263
                                                                                                                                                                                                          • BUF_MEM_free.LIBEAY32(?), ref: 1201C2D6
                                                                                                                                                                                                            • Part of subcall function 1201C6C0: SSL_get_rbio.SSLEAY32(1201AFE9,0000002D,00000000,8AFFFD3E,00000000,1201AFE9,?), ref: 1201C706
                                                                                                                                                                                                            • Part of subcall function 1201C6C0: BIO_ctrl.LIBEAY32(00000000,?), ref: 1201C70F
                                                                                                                                                                                                          • BUF_MEM_new.LIBEAY32 ref: 1201C0CE
                                                                                                                                                                                                          • BUF_MEM_grow.LIBEAY32(00000000,00004000), ref: 1201C0E7
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,0000000B,00000000,00000000), ref: 1201C197
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_ctrl$L_get_rbioM_freeM_growM_newR_put_error
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3339721261-0
                                                                                                                                                                                                          • Opcode ID: 6888b1e7769436cdf5371e69e6fcb82eaee2f7832308559fa8d908d8be5289fa
                                                                                                                                                                                                          • Instruction ID: 6bec10b77c41ed53c15b67c0645117885b4eedf44ecf98ec8416130a246f2f7e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6888b1e7769436cdf5371e69e6fcb82eaee2f7832308559fa8d908d8be5289fa
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8651E0B7A017448FD366CF59D984AABB7E0EF48704F040A2EE48A8BB51C774F544DB86
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 12006AD0: ERR_put_error.LIBEAY32(00000014,00000121,00000041,.\ssl\s3_clnt.c,0000098E), ref: 12006C05
                                                                                                                                                                                                          • BUF_MEM_new.LIBEAY32 ref: 1201C0CE
                                                                                                                                                                                                          • BUF_MEM_grow.LIBEAY32(00000000,00004000), ref: 1201C0E7
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,0000000B,00000000,00000000), ref: 1201C197
                                                                                                                                                                                                          • BUF_MEM_free.LIBEAY32(?), ref: 1201C2D6
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: M_freeM_growM_newO_ctrlR_put_error
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3213175576-0
                                                                                                                                                                                                          • Opcode ID: f8d513bb6a6f664f62d14029cc6684ef248cc1325864a56562d4b9ebc9843801
                                                                                                                                                                                                          • Instruction ID: 56d30c3d18a724a1117b877af2fe0175943aa8762d0c219e1f9188e9c8319209
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8d513bb6a6f664f62d14029cc6684ef248cc1325864a56562d4b9ebc9843801
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2551DDB79017448FD366CF55D944AABB7E0EF48B08F000A2EE48A8BB00C770F544EB86
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 12006890: ERR_put_error.LIBEAY32(00000014,0000011B,00000041,.\ssl\s3_clnt.c,00000926), ref: 120069B3
                                                                                                                                                                                                          • BUF_MEM_free.LIBEAY32(?), ref: 1200A0D4
                                                                                                                                                                                                          • BUF_MEM_new.LIBEAY32 ref: 1200A439
                                                                                                                                                                                                          • BUF_MEM_grow.LIBEAY32(00000000,00004000), ref: 1200A452
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,0000000B,00000000,00000000), ref: 1200A4E3
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: M_freeM_growM_newO_ctrlR_put_error
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3213175576-0
                                                                                                                                                                                                          • Opcode ID: e81efd18566811c1c5e0b2208e9422d2f6430107a959cc0094655f1ecf06a6aa
                                                                                                                                                                                                          • Instruction ID: b99aa0f3ce1186634ed41a6dbccd9457d558623d21f031ff940b24d93782218c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e81efd18566811c1c5e0b2208e9422d2f6430107a959cc0094655f1ecf06a6aa
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD4103B75007498BF222DF14C944BABB2E1AF84385F000B2DEA4646A41C771F5C4EB9A
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 12006AD0: ERR_put_error.LIBEAY32(00000014,00000121,00000041,.\ssl\s3_clnt.c,0000098E), ref: 12006C05
                                                                                                                                                                                                          • BUF_MEM_free.LIBEAY32(?), ref: 1200A0D4
                                                                                                                                                                                                          • BUF_MEM_new.LIBEAY32 ref: 1200A439
                                                                                                                                                                                                          • BUF_MEM_grow.LIBEAY32(00000000,00004000), ref: 1200A452
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,0000000B,00000000,00000000), ref: 1200A4E3
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: M_freeM_growM_newO_ctrlR_put_error
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3213175576-0
                                                                                                                                                                                                          • Opcode ID: 9539717fc82090841a6477f9c48c2b4527e7abf350f2c21e0da28da14ebf114c
                                                                                                                                                                                                          • Instruction ID: 0c087e7bc586c5e22e6db1742f2bb5c5f27c479f1a02349e90fbd1691bf7a6f6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9539717fc82090841a6477f9c48c2b4527e7abf350f2c21e0da28da14ebf114c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B4103B75007498BF222DF14C944BABB2E1EF84785F000B2DEA4646A41C771F5C4EB9A
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 12008460: _memset.LIBCMT ref: 120084B7
                                                                                                                                                                                                          • BUF_MEM_free.LIBEAY32(?), ref: 1200A0D4
                                                                                                                                                                                                          • BUF_MEM_new.LIBEAY32 ref: 1200A439
                                                                                                                                                                                                          • BUF_MEM_grow.LIBEAY32(00000000,00004000), ref: 1200A452
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,0000000B,00000000,00000000), ref: 1200A4E3
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: M_freeM_growM_newO_ctrl_memset
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3432697489-0
                                                                                                                                                                                                          • Opcode ID: 47ea92a3b10f6e484c3e47e81149dde95b9cb3951fd709beb51e6547ff519d73
                                                                                                                                                                                                          • Instruction ID: bca9df98b231997b2b143aff6c9033463b37addd252447516ec377e850d2c323
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47ea92a3b10f6e484c3e47e81149dde95b9cb3951fd709beb51e6547ff519d73
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9941E2B75007498BF222DF14C944BABB2E1BF84785F000B2EEA4686A41D771F5C4EB5A
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • BIO_free.LIBEAY32(?,?,12005543,?), ref: 1200DAB3
                                                                                                                                                                                                          • BIO_s_mem.LIBEAY32(?), ref: 1200DAD0
                                                                                                                                                                                                          • BIO_new.LIBEAY32(00000000), ref: 1200DAD6
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,00000009,00000001,00000000), ref: 1200DB06
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_ctrlO_freeO_newO_s_mem
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 458502033-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EVP_MD_CTX_destroy.LIBEAY32(?,?,1200CB70,?,?), ref: 12024BEC
                                                                                                                                                                                                          • EVP_MD_CTX_create.LIBEAY32(?,1200CB70,?,?), ref: 12024BFA
                                                                                                                                                                                                          • EVP_DigestInit_ex.LIBEAY32(00000000,1200CB70,00000000,?,1200CB70,?,?), ref: 12024C11
                                                                                                                                                                                                          • EVP_MD_CTX_destroy.LIBEAY32(00000000,?,1200CB70,?,?), ref: 12024C24
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: X_destroy$DigestInit_exX_create
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3088442214-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SSL_get_ciphers.SSLEAY32(?), ref: 120123F7
                                                                                                                                                                                                          • sk_num.LIBEAY32(00000000,?), ref: 12012401
                                                                                                                                                                                                          • sk_value.LIBEAY32(00000000,00000000), ref: 12012412
                                                                                                                                                                                                          • sk_num.LIBEAY32(00000000), ref: 12012422
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: sk_num$L_get_cipherssk_value
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850632280-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EVP_sha1.LIBEAY32(?,120187AC,?,?,00000000,12001A88,?), ref: 120253E1
                                                                                                                                                                                                          • EVP_sha1.LIBEAY32(?,120187AC,?,?,00000000,12001A88,?), ref: 120253ED
                                                                                                                                                                                                          • EVP_sha1.LIBEAY32(?,120187AC,?,?,00000000,12001A88,?), ref: 120253F5
                                                                                                                                                                                                          • EVP_sha1.LIBEAY32(?,120187AC,?,?,00000000,12001A88,?), ref: 120253FD
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: P_sha1
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 360267384-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • OpenSSLDie.LIBEAY32(.\ssl\t1_ext.c,000000A8,!(meth->ext_flags & SSL_EXT_FLAG_SENT),?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1201AA00
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • !(meth->ext_flags & SSL_EXT_FLAG_SENT), xrefs: 1201A9F1
                                                                                                                                                                                                          • .\ssl\t1_ext.c, xrefs: 1201A9FB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Open
                                                                                                                                                                                                          • String ID: !(meth->ext_flags & SSL_EXT_FLAG_SENT)$.\ssl\t1_ext.c
                                                                                                                                                                                                          • API String ID: 71445658-3815644718
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000121,00000041,.\ssl\s3_clnt.c,0000098E), ref: 12006C05
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: .\ssl\s3_clnt.c
                                                                                                                                                                                                          • API String ID: 1767461275-2155475665
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000080,000000FF,.\ssl\s3_srvr.c,00000365), ref: 12004E04
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,0000000B,00000000,00000000), ref: 120055AC
                                                                                                                                                                                                          • BUF_MEM_free.LIBEAY32(?,?), ref: 120055FE
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: M_freeO_ctrlR_put_error
                                                                                                                                                                                                          • String ID: .\ssl\s3_srvr.c
                                                                                                                                                                                                          • API String ID: 489248819-3445611115
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000080,000000FF,.\ssl\s3_srvr.c,00000365), ref: 12004E04
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,0000000B,00000000,00000000), ref: 120055AC
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_ctrlR_put_error
                                                                                                                                                                                                          • String ID: .\ssl\s3_srvr.c
                                                                                                                                                                                                          • API String ID: 1094062903-3445611115
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000080,000000FF,.\ssl\s3_srvr.c,00000365), ref: 12004E04
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,0000000B,00000000,00000000), ref: 120055AC
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_ctrlR_put_error
                                                                                                                                                                                                          • String ID: .\ssl\s3_srvr.c
                                                                                                                                                                                                          • API String ID: 1094062903-3445611115
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 12003B90: EVP_MD_CTX_init.LIBEAY32(?), ref: 12003BBE
                                                                                                                                                                                                            • Part of subcall function 12003B90: BIO_free.LIBEAY32(?), ref: 1200403C
                                                                                                                                                                                                            • Part of subcall function 12003B90: EVP_MD_CTX_cleanup.LIBEAY32(?), ref: 1200405C
                                                                                                                                                                                                            • Part of subcall function 12003B90: EVP_PKEY_free.LIBEAY32(00000000,?), ref: 12004062
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000080,000000FF,.\ssl\s3_srvr.c,00000365), ref: 12004E04
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,0000000B,00000000,00000000), ref: 120055AC
                                                                                                                                                                                                          • BUF_MEM_free.LIBEAY32(?,?), ref: 120055FE
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: M_freeO_ctrlO_freeR_put_errorX_cleanupX_initY_free
                                                                                                                                                                                                          • String ID: .\ssl\s3_srvr.c
                                                                                                                                                                                                          • API String ID: 1095167141-3445611115
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000124,00000085,.\ssl\s3_pkt.c,0000068E), ref: 1200E39D
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000124,00000044,.\ssl\s3_pkt.c,000006AA), ref: 1200E413
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: .\ssl\s3_pkt.c
                                                                                                                                                                                                          • API String ID: 1767461275-4041216366
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 12004590: i2d_SSL_SESSION.SSLEAY32(?,00000000), ref: 120045D3
                                                                                                                                                                                                            • Part of subcall function 12004590: CRYPTO_malloc.LIBEAY32(00000000,.\ssl\s3_srvr.c,00000D87), ref: 120045FC
                                                                                                                                                                                                            • Part of subcall function 12004590: EVP_CIPHER_CTX_init.LIBEAY32(?), ref: 12004613
                                                                                                                                                                                                            • Part of subcall function 12004590: HMAC_CTX_init.LIBEAY32(?,?), ref: 12004620
                                                                                                                                                                                                            • Part of subcall function 12004590: i2d_SSL_SESSION.SSLEAY32(?,?,?,?), ref: 12004635
                                                                                                                                                                                                            • Part of subcall function 12004590: d2i_SSL_SESSION.SSLEAY32(00000000,?,00000000), ref: 12004651
                                                                                                                                                                                                            • Part of subcall function 12004590: i2d_SSL_SESSION.SSLEAY32 ref: 1200466D
                                                                                                                                                                                                            • Part of subcall function 12004590: i2d_SSL_SESSION.SSLEAY32(00000000,?,00000000,00000000), ref: 12004693
                                                                                                                                                                                                            • Part of subcall function 12004590: SSL_SESSION_free.SSLEAY32(00000000,?,?,00000000,00000000), ref: 120046A4
                                                                                                                                                                                                            • Part of subcall function 12004590: BUF_MEM_grow.LIBEAY32(?,?,00000000,?,?,00000000,00000000), ref: 120046C2
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000080,000000FF,.\ssl\s3_srvr.c,00000365), ref: 12004E04
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,0000000B,00000000,00000000), ref: 120055AC
                                                                                                                                                                                                          • BUF_MEM_free.LIBEAY32(?,?), ref: 120055FE
                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
• Associated: 00000005.00000002.1777412148.0000000012000000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777869782.000000001204D000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777894589.000000001204E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: i2d_$X_init$M_freeM_growN_freeO_ctrlO_mallocR_put_errord2i_
                                                                                                                                                                                                          • String ID: .\ssl\s3_srvr.c
                                                                                                                                                                                                          • API String ID: 4031021300-3445611115
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 12004AF0: BUF_MEM_grow.LIBEAY32(?,?), ref: 12004B1C
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,00000080,000000FF,.\ssl\s3_srvr.c,00000365), ref: 12004E04
                                                                                                                                                                                                          • BIO_ctrl.LIBEAY32(?,0000000B,00000000,00000000), ref: 120055AC
                                                                                                                                                                                                          • BUF_MEM_free.LIBEAY32(?,?), ref: 120055FE
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: M_freeM_growO_ctrlR_put_error
                                                                                                                                                                                                          • String ID: .\ssl\s3_srvr.c
                                                                                                                                                                                                          • API String ID: 234834961-3445611115
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SSL_extension_supported.SSLEAY32(?,?,?,1201AC53,?,?,?,?), ref: 1201AB96
                                                                                                                                                                                                          • CRYPTO_realloc.LIBEAY32(?,?,.\ssl\t1_ext.c,000000F7), ref: 1201ABD0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_extension_supportedO_realloc
                                                                                                                                                                                                          • String ID: .\ssl\t1_ext.c
                                                                                                                                                                                                          • API String ID: 2810361572-2266425821
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: .\ssl\t1_lib.c
                                                                                                                                                                                                          • API String ID: 0-2047370388
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000C9,00000043,.\ssl\ssl_rsa.c,00000133), ref: 1202B8BC
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000C9,00000041,.\ssl\ssl_rsa.c,00000137), ref: 1202B8F3
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: .\ssl\ssl_rsa.c
                                                                                                                                                                                                          • API String ID: 1767461275-614043423
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000AB,00000043,.\ssl\ssl_rsa.c,0000017E), ref: 1202CB0C
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000AB,00000041,.\ssl\ssl_rsa.c,00000182), ref: 1202CB43
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: .\ssl\ssl_rsa.c
                                                                                                                                                                                                          • API String ID: 1767461275-614043423
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_free.LIBEAY32(?), ref: 120228A1
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(?,.\ssl\ssl_lib.c,000006E9), ref: 120228B8
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freeO_malloc
                                                                                                                                                                                                          • String ID: .\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 2609694610-3333140318
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • sk_num.LIBEAY32(00000000), ref: 1202222E
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,0000010F,000000B9,.\ssl\ssl_lib.c,00000578), ref: 12022250
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_errorsk_num
                                                                                                                                                                                                          • String ID: .\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 3777708388-3333140318
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_malloc.LIBEAY32(00000018,.\ssl\bio_ssl.c,0000006A), ref: 1202FA89
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000020,00000076,00000041,.\ssl\bio_ssl.c,0000006C), ref: 1202FAA4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_mallocR_put_error
                                                                                                                                                                                                          • String ID: .\ssl\bio_ssl.c
                                                                                                                                                                                                          • API String ID: 2513334388-1980322992
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000D0,00000114,.\ssl\ssl_lib.c,00000416), ref: 12021AD0
                                                                                                                                                                                                          • ERR_put_error.LIBEAY32(00000014,000000D0,000000CF,.\ssl\ssl_lib.c,0000041C), ref: 12021AFF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.1777437719.0000000012001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 12000000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_12000000_rutserv.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: .\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 1767461275-3333140318
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%