Windows Analysis Report
qdHMT36Tn9.exe

Overview

General Information

Sample name: qdHMT36Tn9.exe (renamed because original name is a hash value)
Original sample name: 3E5BA25AA4F23CEB11BE209D1967E341.exe
Analysis ID: 1393956
MD5: 3e5ba25aa4f23ceb11be209d1967e341
SHA1: c25a05acb5231776456d08fad7df0e48d92931c0
SHA256: 518f22ac3dfb39779d6b21fdd230b71db39453f73b42f411009a0afe7dbbe818
Tags: exe, njrat, RAT

Detection

44Caliber Stealer, Njrat, Rags Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected 44Caliber Stealer
Yara detected Njrat
Yara detected Rags Stealer
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Contains functionality to log keystrokes (.Net Source)
Creates autostart registry keys with suspicious names
Drops PE files to the startup folder
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the windows firewall
Protects its processes via BreakOnTermination flag
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: New RUN Key Pointing to Suspicious Folder
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses netsh to modify the Windows network and firewall settings
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • qdHMT36Tn9.exe (PID: 1984 cmdline: C:\Users\user\Desktop\qdHMT36Tn9.exe MD5: 3E5BA25AA4F23CEB11BE209D1967E341)
    • 1.exe (PID: 4292 cmdline: "C:\Users\user\AppData\Local\Temp\1.exe" MD5: 0CE3051B867D50AA172D1B332F156E3E)
    • 3.exe (PID: 5656 cmdline: "C:\Users\user\AppData\Local\Temp\3.exe" MD5: 6D11195AF6CCA04EB53ECCF9AAF329DC)
      • netsh.exe (PID: 2260 cmdline: netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\3.exe" "3.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
        • conhost.exe (PID: 5348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • 3.exe (PID: 7064 cmdline: "C:\Users\user\AppData\Local\Temp\3.exe" .. MD5: 6D11195AF6CCA04EB53ECCF9AAF329DC)
  • 3.exe (PID: 2724 cmdline: "C:\Users\user\AppData\Local\Temp\3.exe" .. MD5: 6D11195AF6CCA04EB53ECCF9AAF329DC)
  • 3.exe (PID: 6208 cmdline: "C:\Users\user\AppData\Local\Temp\3.exe" .. MD5: 6D11195AF6CCA04EB53ECCF9AAF329DC)
  • cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| NjRAT | RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives." It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored. | AQUATIC PANDA, Earth Lusca, Operation C-Major, The Gorgon Group | | https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat |
{"Host": "mary-cottage.gl.at.ply.gg", "Port": "10652", "Version": "im523", "Campaign ID": "HacKed", "Install Name": "server.exe", "Install Dir": "TEMP"}
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\3.exe | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
| C:\Users\user\AppData\Local\Temp\3.exe | Windows_Trojan_Njrat_30f3c220 | unknown | unknown | 0x64c1:$a1: get_Registry; 0x7f0a:$a3: Download ERROR; 0x81fc:$a5: netsh firewall delete allowedprogram " |
| C:\Users\user\AppData\Local\Temp\3.exe | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | 0x80f2:$a1: netsh firewall add allowedprogram; 0x82ec:$b1: [TAP]; 0x8292:$b2: & exit; 0x825e:$c1: md.exe /k ping 0 & del |
| C:\Users\user\AppData\Local\Temp\3.exe | MALWARE_Win_NjRAT | Detects NjRAT / Bladabindi | ditekSHen | 0x81fc:$s1: netsh firewall delete allowedprogram; 0x80f2:$s2: netsh firewall add allowedprogram; 0x825c:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67; 0x7ee6:$s4: Execute ERROR; 0x7f46:$s4: Execute ERROR; 0x7f0a:$s5: Download ERROR; 0x82a2:$s6: [kl] |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
| 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp | Windows_Trojan_Njrat_30f3c220 | unknown | unknown | 0x64e1:$a1: get_Registry; 0x7f2a:$a3: Download ERROR; 0x821c:$a5: netsh firewall delete allowedprogram " |
| 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | 0x8112:$a1: netsh firewall add allowedprogram; 0x830c:$b1: [TAP]; 0x82b2:$b2: & exit; 0x827e:$c1: md.exe /k ping 0 & del |
| 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
| 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp | Windows_Trojan_Njrat_30f3c220 | unknown | unknown | 0x62c1:$a1: get_Registry; 0x7d0a:$a3: Download ERROR; 0x7ffc:$a5: netsh firewall delete allowedprogram " |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 3.0.3.exe.5c0000.0.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
| 3.0.3.exe.5c0000.0.unpack | Windows_Trojan_Njrat_30f3c220 | unknown | unknown | 0x64c1:$a1: get_Registry; 0x7f0a:$a3: Download ERROR; 0x81fc:$a5: netsh firewall delete allowedprogram " |
| 3.0.3.exe.5c0000.0.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | 0x80f2:$a1: netsh firewall add allowedprogram; 0x82ec:$b1: [TAP]; 0x8292:$b2: & exit; 0x825e:$c1: md.exe /k ping 0 & del |
| 3.0.3.exe.5c0000.0.unpack | MALWARE_Win_NjRAT | Detects NjRAT / Bladabindi | ditekSHen | 0x81fc:$s1: netsh firewall delete allowedprogram; 0x80f2:$s2: netsh firewall add allowedprogram; 0x825c:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67; 0x7ee6:$s4: Execute ERROR; 0x7f46:$s4: Execute ERROR; 0x7f0a:$s5: Download ERROR; 0x82a2:$s6: [kl] |
| 2.0.1.exe.1f2cb290000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |

              System Summary

Source: Registry Key set; Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing; Data: Details: "C:\Users\user\AppData\Local\Temp\3.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\3.exe, ProcessId: 5656, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9902b29d6de7130c2f409ab27fb09fa7
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: "C:\Users\user\AppData\Local\Temp\3.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\3.exe, ProcessId: 5656, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9902b29d6de7130c2f409ab27fb09fa7
Source: File created; Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research); Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\3.exe, ProcessId: 5656, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: "C:\Users\user\AppData\Local\Temp\3.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\3.exe, ProcessId: 5656, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\9902b29d6de7130c2f409ab27fb09fa7
              Timestamp:02/17/24-20:52:04.259395
              SID:2825563
              Source Port:49707
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:49.072739
              SID:2814860
              Source Port:49720
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:53:09.235022
              SID:2814860
              Source Port:49724
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:53:15.853737
              SID:2814860
              Source Port:49725
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:23.326434
              SID:2033132
              Source Port:49749
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:11.034301
              SID:2825563
              Source Port:49708
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:18.141345
              SID:2033132
              Source Port:49748
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:07.732975
              SID:2033132
              Source Port:49746
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:02.386885
              SID:2033132
              Source Port:49745
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:12.949378
              SID:2033132
              Source Port:49747
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:38.776331
              SID:2814856
              Source Port:49719
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:54:51.562322
              SID:2033132
              Source Port:49743
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:54:56.964928
              SID:2033132
              Source Port:49744
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:16.567473
              SID:2825564
              Source Port:49747
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:24.696429
              SID:2814856
              Source Port:49717
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:31.906944
              SID:2814856
              Source Port:49718
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:53.150930
              SID:2814860
              Source Port:49722
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:17.604122
              SID:2814856
              Source Port:49716
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:53:11.846735
              SID:2814856
              Source Port:49725
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:28.458601
              SID:2033132
              Source Port:49750
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:54.853217
              SID:2814856
              Source Port:49755
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:54:46.089995
              SID:2033132
              Source Port:49742
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:58.615681
              SID:2814856
              Source Port:49723
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:54:40.466833
              SID:2033132
              Source Port:49741
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:39.466746
              SID:2033132
              Source Port:49752
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:53:05.382586
              SID:2814856
              Source Port:49724
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:54:34.811467
              SID:2033132
              Source Port:49740
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:59.597580
              SID:2814856
              Source Port:49756
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:34.464701
              SID:2033132
              Source Port:49751
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:28.798105
              SID:2814856
              Source Port:49750
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:34.764199
              SID:2814856
              Source Port:49751
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:52.098391
              SID:2814856
              Source Port:49722
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:49.734616
              SID:2814856
              Source Port:49754
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:45.642655
              SID:2814856
              Source Port:49720
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:39.797300
              SID:2814856
              Source Port:49752
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:44.790001
              SID:2814856
              Source Port:49753
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:31.906944
              SID:2825563
              Source Port:49718
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:54:28.653198
              SID:2033132
              Source Port:49739
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:24.391981
              SID:2033132
              Source Port:49717
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:35.919369
              SID:2825564
              Source Port:49718
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:54:21.864454
              SID:2033132
              Source Port:49738
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:17.298204
              SID:2033132
              Source Port:49716
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:54:15.940296
              SID:2033132
              Source Port:49737
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:38.776331
              SID:2825563
              Source Port:49719
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:54:03.325082
              SID:2033132
              Source Port:49735
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:58.433164
              SID:2825564
              Source Port:49755
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:56:01.071896
              SID:2825564
              Source Port:49756
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:53:57.092450
              SID:2033132
              Source Port:49734
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:54:09.959178
              SID:2033132
              Source Port:49736
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:59.278876
              SID:2033132
              Source Port:49756
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:44.467327
              SID:2033132
              Source Port:49753
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:27.778338
              SID:2825564
              Source Port:49717
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:17.604122
              SID:2825563
              Source Port:49716
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:24.696429
              SID:2825563
              Source Port:49717
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:11.034301
              SID:2814856
              Source Port:49708
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:18.307570
              SID:2825564
              Source Port:49716
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:53:25.040431
              SID:2814856
              Source Port:49729
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:53:44.248452
              SID:2033132
              Source Port:49732
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:54:25.770567
              SID:2825564
              Source Port:49738
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:49.433586
              SID:2033132
              Source Port:49754
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:04.259395
              SID:2814856
              Source Port:49707
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:53:18.507651
              SID:2814856
              Source Port:49728
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:53:50.736922
              SID:2033132
              Source Port:49733
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:23.647835
              SID:2814856
              Source Port:49749
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:54.388467
              SID:2033132
              Source Port:49755
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:53:52.690799
              SID:2825564
              Source Port:49733
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:53:28.982204
              SID:2814860
              Source Port:49729
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:27.598799
              SID:2814860
              Source Port:49749
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:53:22.343303
              SID:2814860
              Source Port:49728
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:31.595838
              SID:2033132
              Source Port:49718
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:52:38.473071
              SID:2033132
              Source Port:49719
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:53:35.408526
              SID:2825564
              Source Port:49730
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:32.523742
              SID:2825564
              Source Port:49750
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:01.316397
              SID:2814860
              Source Port:49744
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:54:55.861168
              SID:2814860
              Source Port:49743
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:54:50.393995
              SID:2814860
              Source Port:49742
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:06.615566
              SID:2814860
              Source Port:49745
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:11.913957
              SID:2814860
              Source Port:49746
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:53:19.572153
              SID:2825564
              Source Port:49728
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:54:39.102451
              SID:2814860
              Source Port:49740
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:53:18.199865
              SID:2033132
              Source Port:49728
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:02/17/24-20:55:17.086051
              SID:2814860
              Source Port:49747
              Destination Port:10652
              Protocol:TCP
              Classtype:A Network Trojan was detected
Timestamp                  SID      Source Port  Destination Port  Protocol  Classtype
02/17/24-20:55:22.416223   2814860  49748        10652             TCP       A Network Trojan was detected
02/17/24-20:54:44.777989   2814860  49741        10652             TCP       A Network Trojan was detected
02/17/24-20:53:09.235022   2825564  49724        10652             TCP       A Network Trojan was detected
02/17/24-20:52:58.615681   2825563  49723        10652             TCP       A Network Trojan was detected
02/17/24-20:53:05.034795   2033132  49724        10652             TCP       A Network Trojan was detected
02/17/24-20:53:11.528070   2033132  49725        10652             TCP       A Network Trojan was detected
02/17/24-20:52:51.799554   2033132  49722        10652             TCP       A Network Trojan was detected
02/17/24-20:52:58.312088   2033132  49723        10652             TCP       A Network Trojan was detected
02/17/24-20:54:28.983704   2814856  49739        10652             TCP       A Network Trojan was detected
02/17/24-20:55:13.250021   2814856  49747        10652             TCP       A Network Trojan was detected
02/17/24-20:54:10.263467   2814856  49736        10652             TCP       A Network Trojan was detected
02/17/24-20:54:22.169858   2814856  49738        10652             TCP       A Network Trojan was detected
02/17/24-20:54:57.269542   2814856  49744        10652             TCP       A Network Trojan was detected
02/17/24-20:55:18.464218   2814856  49748        10652             TCP       A Network Trojan was detected
02/17/24-20:53:51.047431   2814856  49733        10652             TCP       A Network Trojan was detected
02/17/24-20:54:16.249447   2814856  49737        10652             TCP       A Network Trojan was detected
02/17/24-20:53:37.752783   2033132  49731        10652             TCP       A Network Trojan was detected
02/17/24-20:52:45.336723   2033132  49720        10652             TCP       A Network Trojan was detected
02/17/24-20:53:57.407277   2814856  49734        10652             TCP       A Network Trojan was detected
02/17/24-20:55:02.706342   2814856  49745        10652             TCP       A Network Trojan was detected
02/17/24-20:53:31.237871   2033132  49730        10652             TCP       A Network Trojan was detected
02/17/24-20:55:08.024603   2814856  49746        10652             TCP       A Network Trojan was detected
02/17/24-20:54:03.647201   2814856  49735        10652             TCP       A Network Trojan was detected
02/17/24-20:53:31.544107   2814856  49730        10652             TCP       A Network Trojan was detected
02/17/24-20:54:40.792497   2814856  49741        10652             TCP       A Network Trojan was detected
02/17/24-20:54:35.114530   2814856  49740        10652             TCP       A Network Trojan was detected
02/17/24-20:53:44.566584   2814856  49732        10652             TCP       A Network Trojan was detected
02/17/24-20:54:51.869617   2814856  49743        10652             TCP       A Network Trojan was detected
02/17/24-20:53:38.074175   2814856  49731        10652             TCP       A Network Trojan was detected
02/17/24-20:54:46.401491   2814856  49742        10652             TCP       A Network Trojan was detected
02/17/24-20:53:54.912197   2814860  49733        10652             TCP       A Network Trojan was detected
02/17/24-20:55:53.691251   2814860  49754        10652             TCP       A Network Trojan was detected
02/17/24-20:55:58.692906   2814860  49755        10652             TCP       A Network Trojan was detected
02/17/24-20:53:48.544889   2814860  49732        10652             TCP       A Network Trojan was detected
02/17/24-20:54:01.281165   2814860  49734        10652             TCP       A Network Trojan was detected
02/17/24-20:53:41.995232   2814860  49731        10652             TCP       A Network Trojan was detected
02/17/24-20:54:07.631530   2814860  49735        10652             TCP       A Network Trojan was detected
02/17/24-20:55:43.699808   2814860  49752        10652             TCP       A Network Trojan was detected
02/17/24-20:55:48.795743   2814860  49753        10652             TCP       A Network Trojan was detected
02/17/24-20:56:01.071896   2814860  49756        10652             TCP       A Network Trojan was detected
02/17/24-20:52:18.307570   2814860  49716        10652             TCP       A Network Trojan was detected
02/17/24-20:54:20.056141   2814860  49737        10652             TCP       A Network Trojan was detected
02/17/24-20:55:32.523742   2814860  49750        10652             TCP       A Network Trojan was detected
02/17/24-20:55:38.656173   2814860  49751        10652             TCP       A Network Trojan was detected
02/17/24-20:53:35.408526   2814860  49730        10652             TCP       A Network Trojan was detected
02/17/24-20:54:14.174404   2814860  49736        10652             TCP       A Network Trojan was detected
02/17/24-20:54:25.770567   2814860  49738        10652             TCP       A Network Trojan was detected
02/17/24-20:52:53.150930   2825564  49722        10652             TCP       A Network Trojan was detected
02/17/24-20:52:52.098391   2825563  49722        10652             TCP       A Network Trojan was detected
02/17/24-20:52:35.919369   2814860  49718        10652             TCP       A Network Trojan was detected
02/17/24-20:54:33.408174   2814860  49739        10652             TCP       A Network Trojan was detected
02/17/24-20:52:27.778338   2814860  49717        10652             TCP       A Network Trojan was detected
02/17/24-20:52:04.094268   2033132  49707        10652             TCP       A Network Trojan was detected
02/17/24-20:52:49.072739   2825564  49720        10652             TCP       A Network Trojan was detected
02/17/24-20:54:44.533872   2825564  49741        10652             TCP       A Network Trojan was detected
02/17/24-20:52:45.642655   2825563  49720        10652             TCP       A Network Trojan was detected
02/17/24-20:53:24.727442   2033132  49729        10652             TCP       A Network Trojan was detected
02/17/24-20:52:10.711575   2033132  49708        10652             TCP       A Network Trojan was detected
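The alert list above is dumped one field per line and out of time order, which hides the one thing worth noticing: every alert goes to the same C2 endpoint, each new ephemeral source port is a fresh TCP connection, and those connections recur at a steady cadence. The following Python is an added example, not part of the Joe Sandbox report, that parses records in exactly that six-line layout, groups them per connection, lists which Snort SIDs fired on each, and measures the gap between successive connections. The sample input is 14 records for source ports 49730 to 49735 copied from the list above; the SID legend is copied from the report's Networking section. On this sample the njRAT client opens a new connection roughly every 6 to 7 seconds, and the (ll) rule, where present, fires first, followed by the (inf) and (act) callbacks on the same port.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Snort rule legend, copied from the report's Networking section.
SID_NAMES = {
    2033132: "ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)",
    2814856: "ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)",
    2825563: "ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)",
    2814860: "ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)",
    2825564: "ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)",
}


def _record(ts, sid, sport):
    """Render one six-line alert record in the layout the report uses."""
    return (f"Timestamp:{ts}\nSID:{sid}\nSource Port:{sport}\n"
            "Destination Port:10652\nProtocol:TCP\n"
            "Classtype:A Network Trojan was detected\n")


# Sample input: 14 records for source ports 49730-49735, copied from the
# report's alert list in the report's own (unsorted) order.
SAMPLE_ALERTS = "".join(_record(*r) for r in [
    ("02/17/24-20:53:51.047431", 2814856, 49733),
    ("02/17/24-20:53:37.752783", 2033132, 49731),
    ("02/17/24-20:53:57.407277", 2814856, 49734),
    ("02/17/24-20:53:31.237871", 2033132, 49730),
    ("02/17/24-20:54:03.647201", 2814856, 49735),
    ("02/17/24-20:53:31.544107", 2814856, 49730),
    ("02/17/24-20:53:44.566584", 2814856, 49732),
    ("02/17/24-20:53:38.074175", 2814856, 49731),
    ("02/17/24-20:53:54.912197", 2814860, 49733),
    ("02/17/24-20:53:48.544889", 2814860, 49732),
    ("02/17/24-20:54:01.281165", 2814860, 49734),
    ("02/17/24-20:53:41.995232", 2814860, 49731),
    ("02/17/24-20:54:07.631530", 2814860, 49735),
    ("02/17/24-20:53:35.408526", 2814860, 49730),
])

FIELD_RE = re.compile(
    r"^\s*(Timestamp|SID|Source Port|Destination Port|Protocol|Classtype):(.*)$")


def parse_alerts(text):
    """Turn the flattened records back into dicts; a record starts at 'Timestamp'."""
    records, cur = [], {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue  # blank lines and non-field residue are skipped
        key, val = m.group(1), m.group(2).strip()
        if key == "Timestamp" and cur:
            records.append(cur)
            cur = {}
        cur[key] = val
    if cur:
        records.append(cur)
    for r in records:
        r["ts"] = datetime.strptime(r["Timestamp"], "%m/%d/%y-%H:%M:%S.%f")
        for k in ("SID", "Source Port", "Destination Port"):
            r[k] = int(r[k])
    return records


def group_by_connection(records):
    """One ephemeral source port is one TCP connection: collect its alerts, oldest first."""
    conns = defaultdict(list)
    for r in records:
        conns[(r["Source Port"], r["Destination Port"], r["Protocol"])].append(r)
    for alerts in conns.values():
        alerts.sort(key=lambda r: r["ts"])
    return dict(conns)


def sids_per_connection(conns):
    """Map source port -> sorted list of SIDs that fired on that connection."""
    return {sport: sorted({r["SID"] for r in alerts})
            for (sport, _, _), alerts in conns.items()}


def reconnect_gaps(conns):
    """Seconds between the first alert of each successive connection (the beacon cadence)."""
    firsts = sorted(alerts[0]["ts"] for alerts in conns.values())
    return [(b - a).total_seconds() for a, b in zip(firsts, firsts[1:])]


def median_reconnect_gap(conns):
    """Median reconnect gap rounded to 0.1 s, or None with fewer than two connections."""
    gaps = reconnect_gaps(conns)
    return round(median(gaps), 1) if gaps else None


if __name__ == "__main__":
    conns = group_by_connection(parse_alerts(SAMPLE_ALERTS))
    for sport, sids in sorted(sids_per_connection(conns).items()):
        print(sport, [SID_NAMES[s].split()[-1] for s in sids])  # e.g. ['(ll)', '(inf)', '(act)']
    print("connections:", len(conns), "median reconnect gap (s):", median_reconnect_gap(conns))
```

Run it on the full alert list by pasting the report's records into `SAMPLE_ALERTS`; the per-port SID sets then match the Networking section line for line, and the gaps show whether the implant backs off or keeps a fixed reconnect timer, which is useful when writing a rate-based detection for the C2 port.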

              AV Detection

Source: mary-cottage.gl.at.ply.gg | Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe | Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Local\Temp\1.exe | Avira: detection malicious, Label: HEUR/AGEN.1307065
Source: C:\Users\user\AppData\Local\Temp\3.exe | Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp | Malware Configuration Extractor: Njrat {"Host": "mary-cottage.gl.at.ply.gg", "Port": "10652", "Version": "im523", "Campaign ID": "HacKed", "Install Name": "server.exe", "Install Dir": "TEMP"}
Source: mary-cottage.gl.at.ply.gg | Virustotal: Detection: 8%
Source: C:\Users\user\AppData\Local\Temp\1.exe | ReversingLabs: Detection: 76%
Source: C:\Users\user\AppData\Local\Temp\1.exe | Virustotal: Detection: 71%
Source: C:\Users\user\AppData\Local\Temp\3.exe | ReversingLabs: Detection: 100%
Source: C:\Users\user\AppData\Local\Temp\3.exe | Virustotal: Detection: 88%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe | ReversingLabs: Detection: 100%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe | Virustotal: Detection: 88%
Source: qdHMT36Tn9.exe | ReversingLabs: Detection: 76%
Source: qdHMT36Tn9.exe | Virustotal: Detection: 77%
Source: Yara match | File source: 3.0.3.exe.5c0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.4480531198.0000000002D61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: qdHMT36Tn9.exe PID: 1984, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: 3.exe PID: 5656, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\3.exe, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe, type: DROPPED
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\3.exe | Joe Sandbox ML: detected
Source: qdHMT36Tn9.exe | Joe Sandbox ML: detected
Source: 2.0.1.exe.1f2cb290000.0.unpack | String decryptor: +POFWV
Source: 2.0.1.exe.1f2cb290000.0.unpack | String decryptor: Y^XOKG
Source: 2.0.1.exe.1f2cb290000.0.unpack | String decryptor: q;MDST
Source: 2.0.1.exe.1f2cb290000.0.unpack | String decryptor: K;]CTQM+S
Source: 2.0.1.exe.1f2cb290000.0.unpack | String decryptor: J^B_F
Source: 2.0.1.exe.1f2cb290000.0.unpack | String decryptor: x:BYP/8Q_]
Source: 2.0.1.exe.1f2cb290000.0.unpack | String decryptor: ~yJZ43K(Fuw
Source: 2.0.1.exe.1f2cb290000.0.unpack | String decryptor: {:$!1'
Source: 2.0.1.exe.1f2cb290000.0.unpack | String decryptor: hG^GAWQ
Source: 2.0.1.exe.1f2cb290000.0.unpack | String decryptor: ABJDC^
Source: 2.0.1.exe.1f2cb290000.0.unpack | String decryptor: "*"!5<'t9<s:?;s5p'' o!1!:6'$

              Location Tracking

Source: unknown | DNS query: name: freegeoip.app
Source: qdHMT36Tn9.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\3.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: unknown | HTTPS traffic detected: 172.67.160.84:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.209.71:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: qdHMT36Tn9.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb | source: qdHMT36Tn9.exe
Source: Binary string: mscorlib.pdb | source: 1.exe, 00000002.00000002.2051820157.000001F2CD172000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll | source: 1.exe, 00000002.00000002.2051820157.000001F2CD24F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb | source: 1.exe, 00000002.00000002.2057293840.000001F2E5836000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\Downloads\44CALIBER-main\44CALIBER\obj\Release\Nursultan.pdb | source: qdHMT36Tn9.exe, 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000002.00000002.2051820157.000001F2CD192000.00000004.00000800.00020000.00000000.sdmp, 1.exe, 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, 1.exe.0.dr
Source: Binary string: System.pdb | source: 1.exe, 00000002.00000002.2051820157.000001F2CD24F000.00000004.00000800.00020000.00000000.sdmp
Source: qdHMT36Tn9.exe, 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: autorun.inf
Source: qdHMT36Tn9.exe, 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: [autorun]
Source: 3.exe, 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp | Binary or memory string: autorun.inf
Source: 3.exe, 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp | Binary or memory string: [autorun]
Source: 3.exe, 00000003.00000002.4480531198.0000000002D61000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: autorun.inf
Source: 3.exe, 00000003.00000002.4480531198.0000000002D61000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: [autorun]
Source: 9902b29d6de7130c2f409ab27fb09fa7.exe.3.dr | Binary or memory string: autorun.inf
Source: 9902b29d6de7130c2f409ab27fb09fa7.exe.3.dr | Binary or memory string: [autorun]
Source: 3.exe.0.dr | Binary or memory string: autorun.inf
Source: 3.exe.0.dr | Binary or memory string: [autorun]
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_0056C4A8 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0056C4A8
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_0057E560 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0057E560
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_0058D998 FindFirstFileExA,0_2_0058D998

              Networking

Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49707 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49707 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49707 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49708 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49708 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49708 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49716 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49716 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49716 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49716 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49716 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49717 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49717 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49717 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49717 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49717 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49718 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49718 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49718 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49718 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49718 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49719 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49719 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49719 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49720 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49720 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49720 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49720 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49720 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49722 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49722 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49722 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49722 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49722 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49723 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49723 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49723 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49724 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49724 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49724 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49724 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49725 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49725 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49725 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49728 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49728 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49728 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49728 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49729 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49729 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49729 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49730 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49730 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49730 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49730 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49731 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49731 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49731 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49732 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49732 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49732 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49733 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49733 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49733 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49733 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49734 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49734 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49734 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49735 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49735 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49735 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49736 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49736 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49736 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49737 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49737 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49737 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49738 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49738 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49738 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49738 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49739 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49739 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49739 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49740 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49740 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49740 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49741 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49741 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49741 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49741 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49742 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49742 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49742 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49743 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49743 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49743 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49744 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49744 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49744 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49745 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49745 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49745 -> 147.185.221.17:10652
Source: Traffic | Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49746 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49746 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49746 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49747 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49747 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49747 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49747 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49748 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49748 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49748 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49749 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49749 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49749 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49750 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49750 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49750 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49750 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49751 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49751 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49751 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49752 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49752 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49752 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49753 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49753 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49753 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49754 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49754 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49754 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49755 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49755 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49755 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49755 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49756 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49756 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49756 -> 147.185.221.17:10652
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49756 -> 147.185.221.17:10652
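The alert list above shows one identical alert set per ephemeral source port. As an added triage example (not part of the Joe Sandbox report and not from any tool it references), the following Python script parses such lines, groups them by signature and destination endpoint, and flags endpoints contacted from many distinct source ports, which is the reconnect-per-beacon pattern of a RAT. The sample lines are a subset copied from the report with the Source column dropped; the ephemeral-port range and the min_ports threshold are this example's own assumptions.

```python
"""Triage helper for the Snort alert lines of a Joe Sandbox report.

Added example, not part of the Joe Sandbox report or of the analysed sample.
Groups alerts by (signature id, message, destination endpoint) and counts how
many distinct ephemeral source ports carried the same alert: a RAT that opens
a fresh TCP connection for every beacon produces exactly this pattern.
"""
import re
from collections import defaultdict

# One alert line of the report, e.g.
#   Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49737 -> 147.185.221.17:10652
ALERT_RE = re.compile(
    r"Snort IDS:\s*(?P<sid>\d+)\s+(?P<msg>.+?)\s+"
    r"(?P<src_ip>\d+\.\d+\.\d+\.\d+):(?P<src_port>\d+)\s*->\s*"
    r"(?P<dst_ip>\d+\.\d+\.\d+\.\d+):(?P<dst_port>\d+)\s*$"
)

# Assumption: Windows allocates client ports from the IANA ephemeral range.
EPHEMERAL = range(49152, 65536)

# Constructed input: a subset of the report's alert lines with the Source
# column dropped, plus one non-alert line to show that it is skipped.
SAMPLE_ALERTS = [
    "Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49737 -> 147.185.221.17:10652",
    "Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49737 -> 147.185.221.17:10652",
    "Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49738 -> 147.185.221.17:10652",
    "Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49738 -> 147.185.221.17:10652",
    "Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49738 -> 147.185.221.17:10652",
    "Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.5:49738 -> 147.185.221.17:10652",
    "Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49739 -> 147.185.221.17:10652",
    "Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49739 -> 147.185.221.17:10652",
    "Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.5:49739 -> 147.185.221.17:10652",
    "Source: global traffic | TCP traffic: 147.185.221.17 ports 0,1,2,5,6,10652",
]


def parse_alert(line):
    """Parse one report line into a dict, or return None if it is not a Snort alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    a = m.groupdict()
    for k in ("sid", "src_port", "dst_port"):
        a[k] = int(a[k])
    return a


def summarize(lines):
    """Map (sid, msg, 'dst_ip:dst_port') -> sorted list of distinct source ports."""
    ports = defaultdict(set)
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue
        key = (a["sid"], a["msg"], f"{a['dst_ip']}:{a['dst_port']}")
        ports[key].add(a["src_port"])
    return {key: sorted(p) for key, p in ports.items()}


def reconnect_endpoints(summary, min_ports=3):
    """Destinations contacted from at least min_ports distinct ephemeral source
    ports, each with the sorted signature ids that fired and the port count."""
    sids = defaultdict(set)
    eph = defaultdict(set)
    for (sid, _msg, dst), src_ports in summary.items():
        sids[dst].add(sid)
        eph[dst].update(p for p in src_ports if p in EPHEMERAL)
    return {dst: (sorted(sids[dst]), len(eph[dst]))
            for dst in eph if len(eph[dst]) >= min_ports}


if __name__ == "__main__":
    for dst, (ids, n) in reconnect_endpoints(summarize(SAMPLE_ALERTS)).items():
        print(f"{dst}: {n} distinct source ports, signatures {ids}")
```

On the full alert list of this report the same call reports 147.185.221.17:10652 with twenty distinct source ports; a legitimate keep-alive client would show one long-lived connection instead.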
              Source: Malware configuration extractor | URLs: mary-cottage.gl.at.ply.gg (a playit.gg tunnel hostname: 147.185.221.17 is the tunnelling provider's edge, not the operator's own host, so the hostname is the more durable indicator than the IP)
              Source: global traffic | TCP traffic: 147.185.221.17 ports 0,1,2,5,6,10652
              Source: Yara match | File source: 2.0.1.exe.1f2cb290000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\1.exe, type: DROPPED
              Source: global traffic | TCP traffic: 192.168.2.5:49707 -> 147.185.221.17:10652
              Source: global traffic | HTTP traffic detected: GET /xml/ HTTP/1.1 | Host: freegeoip.app | Connection: Keep-Alive
              Source: global traffic | HTTP traffic detected: GET /xml/ HTTP/1.1 | Host: ipbase.com | Connection: Keep-Alive
              Source: Joe Sandbox View | IP Address: 172.67.209.71
              Source: Joe Sandbox View | IP Address: 147.185.221.17
              Source: Joe Sandbox View | IP Address: 172.67.160.84
              Source: Joe Sandbox View | ASN Name: SALSGIVERUS (147.185.221.17)
              Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS (172.67.209.71 and 172.67.160.84, the Cloudflare fronts of the two geolocation services)
              Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
              Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (three occurrences)
              Source: unknown | DNS traffic detected: queries for: freegeoip.app
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 17 Feb 2024 19:51:56 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Age: 0 | Cache-Control: public,max-age=0,must-revalidate | Cache-Status: "Netlify Edge"; fwd=miss | Vary: Accept-Encoding | X-Nf-Request-Id: 01HPWA06KE7Q6YWZ13ESJ0RXWW | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nD%2FqN1usfuEjBpDyOMSgN0VjHHfat69gi1bbbPZrxArTy18PlvgkxYxYVNGKMPS9u%2FFiW4PZ3gXb3pLHaWjXqWWHDG4l2XDcRqYMbFkSMd2HRJoucncjOX0WYU2b"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 85709163cd9543e2-EWR | alt-svc: h3=":443"; ma=86400 (a Netlify "page not found" response, matching the answers.netlify.com support-guide URL recovered from 1.exe memory below, so at least one of the two /xml/ geolocation lookups returned no data)
              Note on provenance of the strings below: cert9.db.2.dr is the Firefox NSS certificate database that 1.exe copied out of the user's profile, and the "0" plus one character after each of its URLs are the ASN.1 SEQUENCE tag (0x30) and length byte of the next element inside the certificate, not part of the URL. tmpFC74.tmp.tmpdb.2.dr is a copy of Firefox's places.sqlite (the reversed host names such as gro.allizom.www. are its rev_host column), and tmpFD24.tmp.dat.2.dr / tmpFCC3.tmp.dat.2.dr hold search-engine templates from a copied Chromium Web Data database. Those URLs describe the victim's browser, not the malware's infrastructure.
              Source: cert9.db.2.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
              Source: cert9.db.2.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
              Source: cert9.db.2.dr | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
              Source: cert9.db.2.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
              Source: cert9.db.2.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
              Source: cert9.db.2.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
              Source: cert9.db.2.dr | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
              Source: 1.exe, 00000002.00000002.2051820157.000001F2CD19B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://freegeoip.app
              Source: 3.exe, 00000003.00000002.4479346622.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://go.microsoft.
              Source: 3.exe, 00000003.00000002.4479346622.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://go.microsoft.LinkId=42127
              Source: 1.exe, 00000002.00000002.2051820157.000001F2CD1F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ipbase.com
              Source: cert9.db.2.dr | String found in binary or memory: http://ocsp.digicert.com0
              Source: cert9.db.2.dr | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
              Source: 1.exe, 00000002.00000002.2051820157.000001F2CD172000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: cert9.db.2.dr | String found in binary or memory: http://x1.c.lencr.org/0
              Source: cert9.db.2.dr | String found in binary or memory: http://x1.i.lencr.org/0
              Source: 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: 1.exe, 00000002.00000002.2051820157.000001F2CD1C9000.00000004.00000800.00020000.00000000.sdmp, 1.exe, 00000002.00000002.2051820157.000001F2CD24F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125
              Source: 1.exe, 00000002.00000002.2051820157.000001F2CD0E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.vimeworld.ru/user/name/
              Source: qdHMT36Tn9.exe, 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, 1.exe.0.dr | String found in binary or memory: https://api.vimeworld.ru/user/name/5https://freegeoip.app/xml/
              Source: 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: qdHMT36Tn9.exe, 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, 1.exe.0.dr | String found in binary or memory: https://discord.com/api/webhooks/1199323175729758268/CBdP8e3cXbL0ED8xKBhMw0ikKHmITu-6CI4WjfttZm2aWGZ (the stealer's exfiltration channel; the webhook URL is hard-coded in 1.exe and is the actionable indicator here)
              Source: qdHMT36Tn9.exe, 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, 3.exe, 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp, 9902b29d6de7130c2f409ab27fb09fa7.exe.3.dr, 3.exe.0.dr | String found in binary or memory: https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0 (embedded in the njRAT component and its Startup-folder copy)
              Source: 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | String found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | String found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: 1.exe, 00000002.00000002.2051820157.000001F2CD24F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
              Source: 1.exe, 00000002.00000002.2051820157.000001F2CD181000.00000004.00000800.00020000.00000000.sdmp, 1.exe, 00000002.00000002.2051820157.000001F2CD192000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://freegeoip.app
              Source: 1.exe, 00000002.00000002.2051820157.000001F2CD0E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://freegeoip.app/xml/
              Source: 1.exe, 00000002.00000002.2051820157.000001F2CD1D3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ipbase.com
              Source: 1.exe, 00000002.00000002.2051820157.000001F2CD1CF000.00000004.00000800.00020000.00000000.sdmp, 1.exe, 00000002.00000002.2051820157.000001F2CD19B000.00000004.00000800.00020000.00000000.sdmp, 1.exe, 00000002.00000002.2051820157.000001F2CD1D3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ipbase.com/xml/
              Source: qdHMT36Tn9.exe, 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, 1.exe.0.dr | String found in binary or memory: https://steamcommunity.com/profiles/ASOFTWARE
              Source: tmpFC74.tmp.tmpdb.2.dr | String found in binary or memory: https://support.mozilla.org
              Source: tmpFC74.tmp.tmpdb.2.dr | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: tmpFC74.tmp.tmpdb.2.dr | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
              Source: 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | String found in binary or memory: https://www.ecosia.org/newtab/
              Source: 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: tmpFC74.tmp.tmpdb.2.dr | String found in binary or memory: https://www.mozilla.org
              Source: tmpFC74.tmp.tmpdb.2.dr | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
              Source: tmpFC74.tmp.tmpdb.2.dr | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
              Source: tmpFC74.tmp.tmpdb.2.dr | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: tmpFC74.tmp.tmpdb.2.dr | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: tmpFC74.tmp.tmpdb.2.dr | String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
              Source: tmpFC74.tmp.tmpdb.2.dr | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
              Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
              Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
              Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
              Source: unknown | HTTPS traffic detected: 172.67.160.84:443 -> 192.168.2.5:49705 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 172.67.209.71:443 -> 192.168.2.5:49706 version: TLS 1.2
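The string list above mixes three kinds of URL: the sample's own infrastructure, the victim's browser data that the stealer copied into temporary files (cert9.db, *.tmpdb, tmp*.tmp.dat), and common benign hosts. As an added example (not Joe Sandbox code and not from the sample), this Python script classifies such lines by their source file and host, trims the ASN.1 tag and length byte that the report keeps after URLs pulled out of certificates, and returns the IOC candidates. The source-file patterns, the benign-suffix list and the per-host roles are this example's own assumptions; the sample lines are copied from the report.

```python
"""Separate malware infrastructure from harvested-victim-data noise in the
"String found in binary or memory" lines of a Joe Sandbox report.

Added example; not part of Joe Sandbox or of the analysed sample. The
source-file patterns, benign-domain list and host roles are this example's
own heuristics, chosen to match the strings listed in the report.
"""
import re
from urllib.parse import urlsplit

# Accepts both the raw report form ("...cert9.db.2.drString found ...") and
# the column-separated form ("... | String found ...").
STRING_RE = re.compile(
    r"^(?:Source:\s*)?(?P<src>.*?)\s*\|?\s*String found in binary or memory:\s*(?P<url>\S+)"
)

# Files the stealer wrote while copying the victim's browser profile and
# certificate store: URLs read out of them describe the victim, not the malware.
HARVESTED_FILE_RE = re.compile(r"cert9\.db|\.tmpdb\b|tmp[0-9A-F]+\.tmp\.dat", re.I)

# A URL carved out of a certificate is followed by the next ASN.1 element:
# 0x30 ('0', SEQUENCE tag) plus one length byte, e.g. ".crt0B", ".crl07".
ASN1_TRAILER_RE = re.compile(r"0.?$")

# Domains that turn up in any browser profile or Windows memory image.
BENIGN_SUFFIXES = (
    "mozilla.org", "ecosia.org", "duckduckgo.com", "yahoo.com", "google.com",
    "googleapis.com", "schemas.xmlsoap.org", "netlify.com",
)

# Roles of the hosts this sample contacts (assumed from the report context).
ROLES = {
    "discord.com": "exfiltration webhook",
    "dl.dropbox.com": "second-stage download",
    "freegeoip.app": "victim geolocation lookup",
    "ipbase.com": "victim geolocation lookup",
    "api.vimeworld.ru": "game-account lookup (VimeWorld)",
    "steamcommunity.com": "game-account lookup (Steam)",
}

# Constructed input: six lines copied from the report.
SAMPLE_LINES = [
    "Source: cert9.db.2.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B",
    "Source: 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | String found in binary or memory: https://duckduckgo.com/ac/?q=",
    "Source: 1.exe, 00000002.00000002.2051820157.000001F2CD19B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://freegeoip.app",
    "Source: qdHMT36Tn9.exe, 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, 3.exe.0.dr | String found in binary or memory: https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0",
    "Source: 1.exe, 00000002.00000002.2051820157.000001F2CD0E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.vimeworld.ru/user/name/",
    "Source: 1.exe, 00000002.00000002.2051820157.000001F2CD24F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400",
]


def classify(line):
    """Return (url, verdict, reason) for a string line, or None if it is not one."""
    m = STRING_RE.match(line.strip())
    if m is None:
        return None
    src, url = m.group("src"), m.group("url")
    if HARVESTED_FILE_RE.search(src):
        if "cert9.db" in src.lower():
            url = ASN1_TRAILER_RE.sub("", url)  # drop the SEQUENCE tag + length
        return (url, "noise", "read from a copied browser or certificate database")
    host = (urlsplit(url).hostname or "").lower()
    if any(host == s or host.endswith("." + s) for s in BENIGN_SUFFIXES):
        return (url, "noise", "common benign domain")
    return (url, "ioc", ROLES.get(host, "unclassified host, review manually"))


def triage(lines):
    """Split report lines into {'ioc': [(url, role)], 'noise': [(url, reason)]}."""
    out = {"ioc": [], "noise": []}
    for line in lines:
        hit = classify(line)
        if hit is not None:
            out[hit[1]].append((hit[0], hit[2]))
    return out


if __name__ == "__main__":
    for verdict, items in triage(SAMPLE_LINES).items():
        for url, why in items:
            print(f"{verdict:5} {url}  ({why})")
```

The trailer is only stripped for cert9.db strings: a URL from the malware itself may legitimately end in "0" (the Dropbox link's ?dl=0 above), so applying the ASN.1 fix everywhere would corrupt real indicators.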

              Key, Mouse, Clipboard, Microphone and Screen Capturing

              barindex
              Source: 3.exe.0.dr, kl.cs | .Net Code: VKCodeToUnicode
              Source: 9902b29d6de7130c2f409ab27fb09fa7.exe.3.dr, kl.cs | .Net Code: VKCodeToUnicode
              (kl.cs is njRAT's keylogger class; VKCodeToUnicode turns the polled virtual-key codes into characters for the keystroke log, which is the same code in the dropped 3.exe and in its Startup-folder copy.)

              E-Banking Fraud

              barindex
              Source: Yara match | File source: 3.0.3.exe.5c0000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
              Source: Yara match | File source: 00000003.00000002.4480531198.0000000002D61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: qdHMT36Tn9.exe PID: 1984, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: 3.exe PID: 5656, type: MEMORYSTR
              Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\3.exe, type: DROPPED
              Source: Yara match | File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe, type: DROPPED

              Operating System Destruction

              barindex
              Source: C:\Users\user\AppData\Local\Temp\3.exe | Process information set: 01 00 00 00 (ProcessBreakOnTermination = 1, set through the NtSetInformationProcess call sites listed under System Summary; with this flag the kernel bugchecks the machine with CRITICAL_PROCESS_DIED when 3.exe exits or is killed. Setting it needs SeDebugPrivilege. For clean-up, clear the flag from an elevated process or suspend 3.exe, remove its Run key and Startup-folder copy, and reboot, rather than terminating it.)

              System Summary

              barindex
              Source: 3.0.3.exe.5c0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: 3.0.3.exe.5c0000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
              Source: 3.0.3.exe.5c0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
              Source: 2.0.1.exe.1f2cb290000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
              Source: 2.0.1.exe.1f2cb290000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing many VPN software clients. Observed in infostealers Author: ditekSHen
              Source: 2.0.1.exe.1f2cb290000.0.unpack, type: UNPACKEDPE | Matched rule: Detects A310Logger Author: ditekSHen
              Source: 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
              Source: 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
              Source: 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY | Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
              Source: 00000002.00000002.2051820157.000001F2CD1D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
              Source: 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
              Source: Process Memory Space: qdHMT36Tn9.exe PID: 1984, type: MEMORYSTR | Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
              Source: Process Memory Space: 1.exe PID: 4292, type: MEMORYSTR | Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
              Source: C:\Users\user\AppData\Local\Temp\3.exe, type: DROPPED | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: C:\Users\user\AppData\Local\Temp\3.exe, type: DROPPED | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
              Source: C:\Users\user\AppData\Local\Temp\3.exe, type: DROPPED | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe, type: DROPPED | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe, type: DROPPED | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe, type: DROPPED | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
              Source: C:\Users\user\AppData\Local\Temp\1.exe, type: DROPPED | Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
              Source: C:\Users\user\AppData\Local\Temp\1.exe, type: DROPPED | Matched rule: Detects executables referencing many VPN software clients. Observed in infostealers Author: ditekSHen
              Source: C:\Users\user\AppData\Local\Temp\1.exe, type: DROPPED | Matched rule: Detects A310Logger Author: ditekSHen
              Source: C:\Users\user\AppData\Local\Temp\3.exe | Process Stats: CPU usage > 49%
              Source: C:\Users\user\AppData\Local\Temp\3.exe | Code function: 3_2_00DDBECA NtQuerySystemInformation
              Source: C:\Users\user\AppData\Local\Temp\3.exe | Code function: 3_2_00DDBBEA NtSetInformationProcess
              Source: C:\Users\user\AppData\Local\Temp\3.exe | Code function: 3_2_00DDBBC8 NtSetInformationProcess
              Source: C:\Users\user\AppData\Local\Temp\3.exe | Code function: 3_2_00DDBE8F NtQuerySystemInformation
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_00567FD3: _wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code functions (no API calls resolved): 0_2_0056F963, 0_2_00569906, 0_2_0057EA07, 0_2_00578C7E, 0_2_00594044, 0_2_005760F7, 0_2_00579111, 0_2_00572125, 0_2_005782D0, 0_2_0056E394, 0_2_00576445, 0_2_00571476, 0_2_0057976F, 0_2_00587738, 0_2_00570949, 0_2_00587967, 0_2_0058FA90, 0_2_00563AB7, 0_2_00564C6E, 0_2_00575E86, 0_2_0058FF3E, 0_2_00562FCB, 0_2_00570FAC
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Code functions (no API calls resolved): 2_2_00007FF848F112FD, 2_2_00007FF848F25642, 2_2_00007FF848F248DA, 2_2_00007FF848F11355
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: String function: 00581D60 appears 31 times
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: String function: 00581590 appears 57 times
              Source: qdHMT36Tn9.exe, 00000000.00000003.2011201227.0000000005873000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename Nursultan.exe4 vs qdHMT36Tn9.exe
              Source: qdHMT36Tn9.exe, 00000000.00000002.2023616594.0000000005905000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename Nursultan.exe4 vs qdHMT36Tn9.exe
              (The version resource names the binary Nursultan.exe, a name used by a Minecraft cheat client; together with the VimeWorld and Steam profile lookups above this suggests a lure aimed at game players.)
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dllJump to behavior
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exeSection loaded: dxgidebug.dllJump to behavior
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: riched20.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: usp10.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: msls31.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: slc.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: sppc.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: avicap32.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: msvfw32.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: winmm.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ifmon.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprapi.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasmontr.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mfc42u.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: authfwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: firewallapi.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwbase.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcmonitor.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3cfg.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3api.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: onex.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappprxy.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: hnetmon.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netshell.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netsetupapi.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netiohlp.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: httpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: activeds.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: polstore.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshwfp.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2pnetsh.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2p.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rpcnsh.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: whhelper.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlancfg.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlanapi.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wshelper.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wevtapi.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: peerdistsh.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wcmapi.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rmclient.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mobilenetworking.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: slc.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ktmw32.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprmsg.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\3.exe | Section loaded: uxtheme.dll
Source: qdHMT36Tn9.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 3.0.3.exe.5c0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 3.0.3.exe.5c0000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 3.0.3.exe.5c0000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 2.0.1.exe.1f2cb290000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 2.0.1.exe.1f2cb290000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infostealers
Source: 2.0.1.exe.1f2cb290000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_A310Logger author = ditekSHen, description = Detects A310Logger, snort_sid = 920204-920207
Source: 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 00000002.00000002.2051820157.000001F2CD1D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: Process Memory Space: qdHMT36Tn9.exe PID: 1984, type: MEMORYSTR | Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: Process Memory Space: 1.exe PID: 4292, type: MEMORYSTR | Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: C:\Users\user\AppData\Local\Temp\3.exe, type: DROPPED | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\Users\user\AppData\Local\Temp\3.exe, type: DROPPED | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: C:\Users\user\AppData\Local\Temp\3.exe, type: DROPPED | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe, type: DROPPED | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe, type: DROPPED | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe, type: DROPPED | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: C:\Users\user\AppData\Local\Temp\1.exe, type: DROPPED | Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: C:\Users\user\AppData\Local\Temp\1.exe, type: DROPPED | Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infostealers
Source: C:\Users\user\AppData\Local\Temp\1.exe, type: DROPPED | Matched rule: MALWARE_Win_A310Logger author = ditekSHen, description = Detects A310Logger, snort_sid = 920204-920207
Source: classification engine | Classification label: mal100.troj.adwa.spyw.evad.winEXE@11/19@3/3
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_00567BFF GetLastError,FormatMessageW | 0_2_00567BFF
Source: C:\Users\user\AppData\Local\Temp\3.exe | Code function: 3_2_00DDB89A AdjustTokenPrivileges | 3_2_00DDB89A
Source: C:\Users\user\AppData\Local\Temp\3.exe | Code function: 3_2_00DDB863 AdjustTokenPrivileges | 3_2_00DDB863
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_0057C652 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree | 0_2_0057C652
Source: C:\Users\user\AppData\Local\Temp\1.exe | File created: C:\Users\user\AppData\Local\44
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5348:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\3.exe | Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\3.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Users\user\AppData\Local\Temp\3.exe | Mutant created: \Sessions\1\BaseNamedObjects\9902b29d6de7130c2f409ab27fb09fa7
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_6485750
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Command line argument: sfxname | 0_2_0058037C
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Command line argument: sfxstime | 0_2_0058037C
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Command line argument: pPZ | 0_2_0058037C
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Command line argument: STARTDLG | 0_2_0058037C
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Command line argument: >GY | 0_2_00594690
Source: qdHMT36Tn9.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\1.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT ProcessorId FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 1.exe, 00000002.00000002.2051820157.000001F2CD17B000.00000004.00000800.00020000.00000000.sdmp, tmpFD12.tmp.dat.2.dr, tmpFD94.tmp.dat.2.dr | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: qdHMT36Tn9.exe | ReversingLabs: Detection: 76%
Source: qdHMT36Tn9.exe | Virustotal: Detection: 77%
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | File read: C:\Users\user\Desktop\qdHMT36Tn9.exe
Source: unknown | Process created: C:\Users\user\Desktop\qdHMT36Tn9.exe C:\Users\user\Desktop\qdHMT36Tn9.exe
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Process created: C:\Users\user\AppData\Local\Temp\1.exe "C:\Users\user\AppData\Local\Temp\1.exe"
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Process created: C:\Users\user\AppData\Local\Temp\3.exe "C:\Users\user\AppData\Local\Temp\3.exe"
Source: C:\Users\user\AppData\Local\Temp\3.exe | Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\3.exe" "3.exe" ENABLE
Source: C:\Windows\SysWOW64\netsh.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\3.exe "C:\Users\user\AppData\Local\Temp\3.exe" ..
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\3.exe "C:\Users\user\AppData\Local\Temp\3.exe" ..
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\3.exe "C:\Users\user\AppData\Local\Temp\3.exe" ..
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Process created: C:\Users\user\AppData\Local\Temp\1.exe "C:\Users\user\AppData\Local\Temp\1.exe"
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Process created: C:\Users\user\AppData\Local\Temp\3.exe "C:\Users\user\AppData\Local\Temp\3.exe"
Source: C:\Users\user\AppData\Local\Temp\3.exe | Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\3.exe" "3.exe" ENABLE
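The process tree above (the SFX dropper starting 1.exe and 3.exe, 3.exe adding itself to the Windows Firewall allow list through netsh, then restarting with the lone argument "..") is the part of this report that translates most directly into a detection. The Python below is an added example, not part of the Joe Sandbox report or of any sample's code. It runs two checks over process-creation events constructed to mirror the lines above, and goes beyond the report by also parsing the current `netsh advfirewall firewall add rule ... program=<path> action=allow` form. The ProcEvent record layout, the sample events, and the USER_WRITABLE path pattern are assumptions made for this example.

```python
"""Added example, not part of the Joe Sandbox report or of any sample's code.

Two process-creation checks modelled on the process tree in this report:
  1. netsh adding a program that lives in a user-writable directory (or the
     very process that spawned netsh) to the Windows Firewall allow list;
  2. a binary in such a directory relaunching itself with the lone argument
     "..", the restart pattern 3.exe shows in this report.
The ProcEvent layout, the sample events and USER_WRITABLE are assumptions made
for this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    parent_image: str   # image path of the parent process ("unknown" if not recorded)
    image: str          # image path of the created process
    command_line: str   # full command line as logged


# Constructed sample events; the first six mirror the report's "Process created" lines.
SAMPLE_EVENTS = [
    ProcEvent("unknown", r"C:\Users\user\Desktop\qdHMT36Tn9.exe",
              r"C:\Users\user\Desktop\qdHMT36Tn9.exe"),
    ProcEvent(r"C:\Users\user\Desktop\qdHMT36Tn9.exe", r"C:\Users\user\AppData\Local\Temp\1.exe",
              r'"C:\Users\user\AppData\Local\Temp\1.exe"'),
    ProcEvent(r"C:\Users\user\Desktop\qdHMT36Tn9.exe", r"C:\Users\user\AppData\Local\Temp\3.exe",
              r'"C:\Users\user\AppData\Local\Temp\3.exe"'),
    ProcEvent(r"C:\Users\user\AppData\Local\Temp\3.exe", r"C:\Windows\SysWOW64\netsh.exe",
              r'netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\3.exe" "3.exe" ENABLE'),
    ProcEvent(r"C:\Windows\SysWOW64\netsh.exe", r"C:\Windows\System32\conhost.exe",
              r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"),
    ProcEvent("unknown", r"C:\Users\user\AppData\Local\Temp\3.exe",
              r'"C:\Users\user\AppData\Local\Temp\3.exe" ..'),
    # constructed: the same intent expressed in the current advfirewall syntax
    ProcEvent(r"C:\Users\user\AppData\Roaming\svc.exe", r"C:\Windows\System32\netsh.exe",
              r'netsh advfirewall firewall add rule name="svc" dir=in action=allow program="C:\Users\user\AppData\Roaming\svc.exe" enable=yes'),
    # constructed benign control: an installer allow-listing a program under Program Files
    ProcEvent(r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\netsh.exe",
              r'netsh firewall add allowedprogram "C:\Program Files\App\app.exe" "App" ENABLE'),
]

# Paths a standard user can write to; an assumption for this example, extend as needed.
USER_WRITABLE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\(local\\temp|roaming)\\", re.I)
# One token is a run of unquoted non-space characters and/or double-quoted spans.
TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')


def tokenize(cmd: str) -> list[str]:
    """Split a Windows command line on whitespace, keeping quoted spans intact."""
    return [m.group(0).replace('"', "") for m in TOKEN.finditer(cmd)]


def whitelisted_program(args: list[str]) -> str | None:
    """Return the program a netsh command adds to the firewall allow list, else None."""
    low = [a.lower() for a in args]
    # legacy syntax (as in this report): netsh firewall add allowedprogram <program> <name> [ENABLE]
    if low[1:4] == ["firewall", "add", "allowedprogram"] and len(args) > 4:
        return args[4]
    # current syntax: netsh advfirewall firewall add rule ... program=<path> action=allow
    if low[1:5] == ["advfirewall", "firewall", "add", "rule"]:
        kv = {k.lower(): v for k, v in (a.split("=", 1) for a in args[5:] if "=" in a)}
        if kv.get("action", "").lower() == "allow" and "program" in kv:
            return kv["program"]
    return None


def detect_firewall_whitelist(ev: ProcEvent) -> str | None:
    """Flag netsh allow-listing a user-writable binary or its own parent process."""
    if not ev.image.lower().endswith("\\netsh.exe"):
        return None
    program = whitelisted_program(tokenize(ev.command_line))
    if program is None:
        return None
    if USER_WRITABLE.search(program) or program.lower() == ev.parent_image.lower():
        return f"netsh allow-lists {program} (spawned by {ev.parent_image})"
    return None


def detect_self_relaunch(ev: ProcEvent) -> str | None:
    """Flag a user-writable binary started with the single argument '..'."""
    args = tokenize(ev.command_line)
    if len(args) == 2 and args[1] == ".." and USER_WRITABLE.search(args[0]):
        return f"{ev.image} relaunched with lone '..' argument"
    return None


def scan(events: list[ProcEvent]) -> list[str]:
    """Run every check over every event and return the findings in event order."""
    checks = (detect_firewall_whitelist, detect_self_relaunch)
    return [hit for ev in events for check in checks if (hit := check(ev))]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print("ALERT:", finding)
```

On the constructed events the scan raises three alerts (the legacy netsh call for 3.exe, the ".." relaunch of 3.exe, and the advfirewall variant) and stays silent on the Program Files control. The parent-equals-program test is worth keeping even where the path filter is tuned down: a process that spawns netsh to allow-list itself is the shape of this report's 3.exe, regardless of where it lives.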
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\user\AppData\Local\Temp\3.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
              Source: qdHMT36Tn9.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
              Source: qdHMT36Tn9.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
              Source: qdHMT36Tn9.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
              Source: qdHMT36Tn9.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: qdHMT36Tn9.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
              Source: qdHMT36Tn9.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
              Source: qdHMT36Tn9.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
              Source: qdHMT36Tn9.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: qdHMT36Tn9.exe
              Source: Binary string: mscorlib.pdb source: 1.exe, 00000002.00000002.2051820157.000001F2CD172000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: 1.exe, 00000002.00000002.2051820157.000001F2CD24F000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: 1.exe, 00000002.00000002.2057293840.000001F2E5836000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\Downloads\44CALIBER-main\44CALIBER\obj\Release\Nursultan.pdb source: qdHMT36Tn9.exe, 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000002.00000002.2051820157.000001F2CD192000.00000004.00000800.00020000.00000000.sdmp, 1.exe, 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, 1.exe.0.dr
              Source: Binary string: System.pdb source: 1.exe, 00000002.00000002.2051820157.000001F2CD24F000.00000004.00000800.00020000.00000000.sdmp
Source: qdHMT36Tn9.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: qdHMT36Tn9.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: qdHMT36Tn9.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: qdHMT36Tn9.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: qdHMT36Tn9.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

              Data Obfuscation

              barindex
Source: 3.exe.0.dr, OK.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: 9902b29d6de7130c2f409ab27fb09fa7.exe.3.dr, OK.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: 1.exe.0.dr Static PE information: 0xEBC36CC3 [Thu May 5 16:58:43 2095 UTC]
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_6485750
Source: qdHMT36Tn9.exe Static PE information: section name: .didat
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe Code function: 0_2_0058125A push ecx; ret 0_2_0058126D
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe Code function: 0_2_00581DB0 push ecx; ret 0_2_00581DC3
Source: C:\Users\user\AppData\Local\Temp\1.exe Code function: 2_2_00007FF848F112FD push esp; retn 4810h 2_2_00007FF848F116C6
Source: C:\Users\user\AppData\Local\Temp\1.exe Code function: 2_2_00007FF848F1021D push E95D9198h; ret 2_2_00007FF848F10259
Source: C:\Users\user\AppData\Local\Temp\1.exe Code function: 2_2_00007FF848F1025B push E95D9198h; ret 2_2_00007FF848F10259
Source: C:\Users\user\AppData\Local\Temp\1.exe Code function: 2_2_00007FF848F1EBCE push cs; iretd 2_2_00007FF848F1EBCF
Source: C:\Users\user\AppData\Local\Temp\1.exe Code function: 2_2_00007FF848F100BD pushad ; iretd 2_2_00007FF848F100C1
Source: C:\Users\user\AppData\Local\Temp\3.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe File created: C:\Users\user\AppData\Local\Temp\3.exe
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe File created: C:\Users\user\AppData\Local\Temp\1.exe

              Boot Survival

              barindex
Source: C:\Users\user\AppData\Local\Temp\3.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9902b29d6de7130c2f409ab27fb09fa7 (3 identical entries)
Source: C:\Users\user\AppData\Local\Temp\3.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe (3 identical entries)
Source: C:\Users\user\AppData\Local\Temp\3.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 9902b29d6de7130c2f409ab27fb09fa7 (2 identical entries)
Source: C:\Users\user\Desktop\qdHMT36Tn9.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1.exe Process information set: NOOPENFILEERRORBOX (59 identical entries)
Source: C:\Users\user\AppData\Local\Temp\3.exe Process information set: NOOPENFILEERRORBOX (44 identical entries)
Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOOPENFILEERRORBOX (2 identical entries)
Source: C:\Users\user\AppData\Local\Temp\3.exe Process information set: NOOPENFILEERRORBOX (54 identical entries)
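
Added triage helper, not part of the Joe Sandbox report and not code from the analysed sample: a Python script that parses the evidence lines of the Data Obfuscation and Boot Survival sections above (and the "Thread delayed" lines of the evasion section that follows) into a persistence and anti-analysis summary. The sample lines are copied from this report, including the "Jump to ..." link text that the page export fused onto them; the analysis reference date (1 February 2024) and all function names are assumptions made for the example.

```python
"""Triage helper for flattened Joe Sandbox evidence lines (added example)."""
import re
from datetime import datetime, timedelta, timezone

# Constructed input: evidence lines copied verbatim from this report.
SAMPLE_LINES = [
    "Source: 1.exe.0.drStatic PE information: 0xEBC36CC3 [Thu May 5 16:58:43 2095 UTC]",
    "Source: C:\\Users\\user\\AppData\\Local\\Temp\\3.exeRegistry value created or modified: "
    "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "9902b29d6de7130c2f409ab27fb09fa7Jump to behavior",
    "Source: C:\\Users\\user\\AppData\\Local\\Temp\\3.exeFile created: C:\\Users\\user\\AppData\\Roaming"
    "\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\9902b29d6de7130c2f409ab27fb09fa7.exeJump to dropped file",
    "Source: C:\\Users\\user\\AppData\\Local\\Temp\\3.exeRegistry value created or modified: "
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run "
    "9902b29d6de7130c2f409ab27fb09fa7Jump to behavior",
    "Source: C:\\Users\\user\\AppData\\Local\\Temp\\1.exeThread delayed: delay time: 922337203685477Jump to behavior",
    "Source: C:\\Users\\user\\AppData\\Local\\Temp\\1.exeThread delayed: delay time: 600000Jump to behavior",
    "Source: C:\\Users\\user\\AppData\\Local\\Temp\\3.exeThread delayed: delay time: 922337203685477Jump to behavior",
]

# Assumption: the analysis ran before this date, so any later build time is bogus.
ANALYSIS_DATE = datetime(2024, 2, 1, tzinfo=timezone.utc)

LINK_SUFFIX_RE = re.compile(r"Jump to (?:behavior|dropped file)$")
RUN_KEY_RE = re.compile(r"Registry value created or modified: (?P<key>HKEY_\S+\\Run) (?P<value>\S+)$")
FILE_RE = re.compile(r"File created: (?P<path>[A-Za-z]:\\.+)$")
PE_TS_RE = re.compile(r"^Source: (?P<src>\S+?)Static PE information: 0x(?P<ts>[0-9A-Fa-f]{8})")
DELAY_RE = re.compile(r"Thread delayed: delay time: (?P<ms>\d+)$")

# TimeSpan.MaxValue in .NET is 922337203685477.5 ms; a delay of this size is an
# indefinite wait (Thread.Sleep(TimeSpan.MaxValue) or similar), not a timed sleep.
DOTNET_INFINITE_MS = 922_337_203_685_477
STARTUP_DIR_MARKER = "\\start menu\\programs\\startup\\"


def strip_link_text(line: str) -> str:
    """Remove the 'Jump to ...' link text that the page export fused onto the line."""
    return LINK_SUFFIX_RE.sub("", line).rstrip()


def pe_timestamp_to_utc(ts: int) -> datetime:
    """Decode IMAGE_FILE_HEADER.TimeDateStamp (seconds since the Unix epoch)."""
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(seconds=ts)


def pe_timestamp_is_anomalous(ts: int, reference: datetime) -> bool:
    """Zero or a build time after the analysis date cannot be a genuine link time."""
    return ts == 0 or pe_timestamp_to_utc(ts) > reference


def triage(lines, reference: datetime) -> dict:
    """Summarise Run-key and Startup-folder persistence, PE timestamp anomalies
    and the split between timed sleeps and indefinite waits."""
    run_keys, startup_files, anomalous, delays = set(), set(), [], []
    for raw in lines:
        line = strip_link_text(raw)
        if m := RUN_KEY_RE.search(line):
            run_keys.add((m["key"], m["value"]))
        elif m := FILE_RE.search(line):
            if STARTUP_DIR_MARKER in m["path"].lower():
                startup_files.add(m["path"])
        elif m := PE_TS_RE.search(line):
            ts = int(m["ts"], 16)
            if pe_timestamp_is_anomalous(ts, reference):
                anomalous.append((m["src"], ts))
        elif m := DELAY_RE.search(line):
            delays.append("infinite" if int(m["ms"]) >= DOTNET_INFINITE_MS else "timed")
    return {
        "run_keys": run_keys,
        "startup_files": startup_files,
        "anomalous_timestamps": anomalous,
        "timed_sleeps": delays.count("timed"),
        "infinite_waits": delays.count("infinite"),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LINES, ANALYSIS_DATE)
    for key, value in summary.items():
        print(f"{key}: {value}")
    for src, ts in summary["anomalous_timestamps"]:
        print(f"{src}: TimeDateStamp 0x{ts:08X} decodes to {pe_timestamp_to_utc(ts).isoformat()}")
```

The output for the lines above names the two Run keys (HKCU and the WOW6432Node HKLM view, both pointing at the same 32-hex-character value name) and the Startup-folder copy, so the same indicator can be hunted in three places on a live host. The 2095 link time on 1.exe is either a tampered header or, since the high bit of 0xEBC36CC3 is set, the content hash that Roslyn deterministic builds write into that field; either way it is not a usable build date. The delays of 922337203685477 ms are indefinite waits rather than evasion sleeps, and the NOOPENFILEERRORBOX entries above are SetErrorMode(SEM_NOOPENFILEERRORBOX) calls that the CRT and the .NET runtime make routinely, so neither should carry weight on its own in a verdict.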

              Malware Analysis System Evasion

              barindex
              Source: C:\Users\user\AppData\Local\Temp\1.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\AppData\Local\Temp\1.exeMemory allocated: 1F2CB7E0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeMemory allocated: 1F2E50E0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeMemory allocated: 10B0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeMemory allocated: 2D60000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeMemory allocated: 4D60000 memory commit | memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeMemory allocated: F70000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeMemory allocated: 2D70000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeMemory allocated: 1480000 memory commit | memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeMemory allocated: 3150000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeMemory allocated: 3150000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeMemory allocated: 5150000 memory commit | memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeMemory allocated: 18B0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeMemory allocated: 3330000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeMemory allocated: 5330000 memory commit | memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 599891Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 599782Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 599657Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 599532Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 599422Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 599305Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 599188Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 599077Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 598921Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 598812Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 598688Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 598578Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 598469Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 598359Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeWindow / User API: threadDelayed 1998Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exeWindow / User API: threadDelayed 728Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeWindow / User API: threadDelayed 3190Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeWindow / User API: threadDelayed 725Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeWindow / User API: threadDelayed 4487Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeWindow / User API: foregroundWindowGot 413Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3.exeWindow / User API: foregroundWindowGot 1272Jump to behavior
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exeEvasive API call chain: GetLocalTime,DecisionNodesgraph_0-24213
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340Thread sleep time: -11068046444225724s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340Thread sleep time: -600000s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340Thread sleep time: -599891s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340Thread sleep time: -599782s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340Thread sleep time: -599657s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340 | Thread sleep time: -599532s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340 | Thread sleep time: -599422s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340 | Thread sleep time: -599305s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340 | Thread sleep time: -599188s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340 | Thread sleep time: -599077s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340 | Thread sleep time: -598921s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340 | Thread sleep time: -598812s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340 | Thread sleep time: -598688s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340 | Thread sleep time: -598578s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340 | Thread sleep time: -598469s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340 | Thread sleep time: -598359s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 5696 | Thread sleep time: -30000s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 5880 | Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\3.exe TID: 4788 | Thread sleep time: -725000s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\3.exe TID: 4788 | Thread sleep time: -4487000s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\3.exe TID: 3292 | Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\3.exe TID: 3652 | Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\3.exe TID: 6180 | Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\1.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
              Source: C:\Users\user\AppData\Local\Temp\1.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT ProcessorId FROM Win32_Processor
              Source: C:\Users\user\AppData\Local\Temp\1.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
              Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_0056C4A8 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_0057E560 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_0058D998 FindFirstFileExA
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_00580B80 VirtualQuery,GetSystemInfo
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 600000
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 599891
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 599782
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 599657
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 599532
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 599422
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 599305
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 599188
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 599077
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 598921
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 598812
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 598688
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 598578
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 598469
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 598359
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\3.exe | Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\3.exe | Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\3.exe | Thread delayed: delay time: 922337203685477
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: discord.comVMware20,11696428655f
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: global block list test formVMware20,11696428655
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
              Source: 3.exe, 00000003.00000002.4479346622.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWment, System.WorkflowServices, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
              Source: netsh.exe, 00000004.00000002.2090766171.0000000000824000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.2090413332.0000000000821000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: outlook.office365.comVMware20,11696428655t
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
              Source: 1.exe, 00000002.00000002.2056331183.000001F2DD1C7000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,116
              Source: 3.exe, 00000003.00000002.4479346622.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: outlook.office.comVMware20,11696428655s
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: ms.portal.azure.comVMware20,11696428655
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: AMC password management pageVMware20,11696428655
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: tasks.office.comVMware20,11696428655o
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: turbotax.intuit.comVMware20,11696428655t
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: interactivebrokers.comVMware20,11696428655
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: dev.azure.comVMware20,11696428655j
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: bankofamerica.comVMware20,11696428655x
              Source: 1.exe, 00000002.00000002.2057293840.000001F2E57B0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll?
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
              Source: tmpFD83.tmp.dat.2.dr | Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
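The sleep and WMI evidence above is easier to read once two facts are known: the delay value 922337203685477 is not a duration but TimeSpan.MaxValue expressed in milliseconds (long.MaxValue ticks / 10,000), i.e. a .NET "wait forever", and the descending 599,532 ... 598,359 ms values on thread 6340 look like one ten-minute deadline being re-waited after each sleep. The following is an example added by the editor, not code from the Joe Sandbox report or from the sample: it parses lines in the report's format (the SAMPLE_LINES are copied from the report, the merged and the separated spellings are both accepted), sums requested sleeps per thread, separates the infinite-wait sentinel, and flags WMI queries against classes that fingerprint virtual machines. The 300 s sandbox budget and the list of fingerprinting classes are this example's own assumptions.

```python
"""Read sandbox-evasion evidence: per-thread sleep totals, infinite waits, WMI fingerprinting.

Added example (editor's code, not from the Joe Sandbox report or the sample).
SAMPLE_LINES are copied from the report; thresholds and the WMI class list are assumptions.
"""
import re
from collections import defaultdict

# TimeSpan.MaxValue in milliseconds: long.MaxValue ticks / 10_000 ticks per ms.
# A delay of exactly this size is a .NET "wait forever" (e.g. Timeout.InfiniteTimeSpan), not a timed sleep.
DOTNET_INFINITE_MS = (2**63 - 1) // 10_000          # 922337203685477

# Wall-clock budget a typical sandbox gives one sample (assumption: tune to your sandbox).
BUDGET_MS = 300_000

# Joe Sandbox prints "Thread sleep time: -<ms>s"; the separator between source and detail may be missing.
SLEEP_RE = re.compile(r"Source: (?P<proc>\S+) TID: (?P<tid>\d+)\s*\|?\s*Thread sleep time: -(?P<ms>\d+)s")
WMI_RE = re.compile(r"Source: (?P<proc>\S+)\s*\|?\s*WMI Queries: (?P<query>.+)$")

# WMI classes whose results give away a VM or sandbox (assumption: list is this example's own).
FINGERPRINT_CLASSES = {
    "win32_computersystem": "Manufacturer/Model (VMware, VirtualBox, QEMU, Hyper-V)",
    "win32_processor": "ProcessorId, core count",
    "win32_videocontroller": "display adapter name",
    "win32_bios": "BIOS vendor and serial",
    "win32_diskdrive": "disk model and serial",
}

SAMPLE_LINES = [  # copied from the report above (subset of the thread-6340 lines)
    r"Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340Thread sleep time: -599532s >= -30000s",
    r"Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340Thread sleep time: -599422s >= -30000s",
    r"Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 6340Thread sleep time: -599305s >= -30000s",
    r"Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 5696Thread sleep time: -30000s >= -30000s",
    r"Source: C:\Users\user\AppData\Local\Temp\1.exe TID: 5880Thread sleep time: -922337203685477s >= -30000s",
    r"Source: C:\Users\user\AppData\Local\Temp\3.exe TID: 4788Thread sleep time: -725000s >= -30000s",
    r"Source: C:\Users\user\AppData\Local\Temp\3.exe TID: 4788Thread sleep time: -4487000s >= -30000s",
    r"Source: C:\Users\user\AppData\Local\Temp\3.exe TID: 3292Thread sleep time: -922337203685477s >= -30000s",
    r"Source: C:\Users\user\AppData\Local\Temp\1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem",
    r"Source: C:\Users\user\AppData\Local\Temp\1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT ProcessorId FROM Win32_Processor",
    r"Source: C:\Users\user\AppData\Local\Temp\1.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor",
]


def parse(lines):
    """Return (total_ms, longest_ms, infinite_threads, wmi_hits) for the given report lines."""
    total = defaultdict(int)      # (process, tid) -> sum of requested sleeps in ms
    longest = defaultdict(int)    # (process, tid) -> largest single request in ms
    infinite = set()              # threads that asked for the .NET infinite wait
    wmi = []                      # (process, WMI class, what it reveals)
    for line in lines:
        m = SLEEP_RE.search(line)
        if m:
            key, ms = (m["proc"], int(m["tid"])), int(m["ms"])
            if ms >= DOTNET_INFINITE_MS:
                infinite.add(key)             # sentinel, not a duration: keep it out of the sums
            else:
                total[key] += ms
                longest[key] = max(longest[key], ms)
            continue
        m = WMI_RE.search(line)
        if m:
            cls = re.search(r"\bfrom\s+(\w+)", m["query"], re.IGNORECASE)
            if cls and cls[1].lower() in FINGERPRINT_CLASSES:
                wmi.append((m["proc"], cls[1], FINGERPRINT_CLASSES[cls[1].lower()]))
    return total, longest, infinite, wmi


def verdict(lines, budget_ms=BUDGET_MS):
    """Summarise the evidence against a sandbox time budget."""
    total, longest, infinite, wmi = parse(lines)
    # One request longer than the budget is enough on its own: a sleep-skipping sandbox
    # shortens it, and the sample can notice the jump in wall-clock time.
    over = sorted(k for k in total if longest[k] > budget_ms or total[k] > budget_ms)
    return {
        "over_budget": over,
        "infinite_waits": sorted(infinite),
        "wmi_fingerprinting": wmi,
        "evasive": bool(over or wmi),
    }
```

Treat the per-thread total as an upper bound: if the sandbox shortens each sleep and the sample re-arms the same deadline, the same ten minutes are counted several times, which is why the verdict also looks at the longest single request.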
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | API call chain: ExitProcess graph end node graph_0-24445
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_0058647F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_0058A640 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_0058E680 GetProcessHeap
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Process token adjusted: Debug
              Source: C:\Users\user\AppData\Local\Temp\3.exe | Process token adjusted: Debug
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_0058215D SetUnhandledExceptionFilter
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_005812D7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_0058647F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_00581FCA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion

              Source: 3.exe.0.dr, kl.cs | Reference to suspicious API methods: MapVirtualKey(a, 0u)
              Source: 3.exe.0.dr, kl.cs | Reference to suspicious API methods: GetAsyncKeyState(num2)
              Source: 3.exe.0.dr, OK.cs | Reference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Process created: C:\Users\user\AppData\Local\Temp\1.exe "C:\Users\user\AppData\Local\Temp\1.exe"
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Process created: C:\Users\user\AppData\Local\Temp\3.exe "C:\Users\user\AppData\Local\Temp\3.exe"
              Source: 3.exe, 00000003.00000002.4480531198.000000000320E000.00000004.00000800.00020000.00000000.sdmp, 3.exe, 00000003.00000002.4479346622.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 3.exe, 00000003.00000002.4480531198.00000000030C4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Program Manager
              Source: 3.exe, 00000003.00000002.4480531198.000000000320E000.00000004.00000800.00020000.00000000.sdmp, 3.exe, 00000003.00000002.4480531198.0000000002D61000.00000004.00000800.00020000.00000000.sdmp, 3.exe, 00000003.00000002.4480531198.0000000002EA7000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: program managerL.
              Source: 3.exe, 00000003.00000002.4480531198.000000000320E000.00000004.00000800.00020000.00000000.sdmp, 3.exe, 00000003.00000002.4480531198.0000000002EA7000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: program manager
              Source: 3.exe, 00000003.00000002.4480531198.000000000320E000.00000004.00000800.00020000.00000000.sdmp, 3.exe, 00000003.00000002.4480531198.00000000030C4000.00000004.00000800.00020000.00000000.sdmp, 3.exe, 00000003.00000002.4480531198.0000000002D61000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Program Manager@9
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_005727A9 cpuid
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_0057D0AB GetLocaleInfoW,GetNumberFormatW
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1.exe VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\3.exe | Queries volume information: C:\ VolumeInformation (this query is reported 17 times)
              Source: C:\Windows\SysWOW64\netsh.exe | Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_0058037C GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle
              Source: C:\Users\user\AppData\Local\Temp\3.exe | Code function: 3_2_00DDB1EA GetUserNameW
              Source: C:\Users\user\Desktop\qdHMT36Tn9.exe | Code function: 0_2_0056D076 GetVersionExW
              Source: C:\Users\user\AppData\Local\Temp\1.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Lowering of HIPS / PFW / Operating System Security Settings

              Source: C:\Users\user\AppData\Local\Temp\3.exe | Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\3.exe" "3.exe" ENABLE
              Source: C:\Users\user\AppData\Local\Temp\3.exe | Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\3.exe" "3.exe" ENABLE
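The netsh call above is the njRAT classic: the dropped binary punches a firewall hole for itself, so inbound traffic on its C2 port is allowed. Two properties make it cheap to detect in process-creation telemetry: the whitelisted path lives under a user-writable directory, and the parent of netsh.exe is the very program being whitelisted. The following is an example added by the editor, not code from the Joe Sandbox report or from the sample. It handles both the legacy "netsh firewall add allowedprogram" syntax the sample uses and the "netsh advfirewall firewall add rule ... program=" form; the event records are constructed in a Sysmon-like shape and the path prefix lists are assumptions to tune per environment.

```python
"""Flag firewall exceptions that whitelist a program in a user-writable location.

Added example (editor's code, not from the Joe Sandbox report or the sample).
Input records are constructed in a Sysmon-like shape; the prefix lists are assumptions.
"""
import re
from pathlib import PureWindowsPath

# Locations a standard user can write to (assumption: extend for your estate).
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
# Roots where installers legitimately add exceptions (assumption).
SYSTEM_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\system32\\")

# One token per run of non-space characters, keeping quoted spans (even mid-token) together.
TOKEN_RE = re.compile(r'(?:[^\s"]+|"[^"]*")+')


def tokenize(cmdline):
    return [t.replace('"', "") for t in TOKEN_RE.findall(cmdline)]


def allowed_program(cmdline):
    """Return the program path a netsh command whitelists, else None.

    Covers 'netsh firewall add allowedprogram <path> <name> ENABLE' (the form the
    sample uses) and 'netsh advfirewall firewall add rule ... program=<path>'.
    """
    argv = tokenize(cmdline)
    if not argv or PureWindowsPath(argv[0]).name.lower() not in ("netsh", "netsh.exe"):
        return None
    low = [a.lower() for a in argv]
    if "firewall" in low and "allowedprogram" in low:
        i = low.index("allowedprogram")
        return argv[i + 1] if i + 1 < len(argv) else None
    if "advfirewall" in low and "add" in low and "rule" in low:
        for a in argv:
            if a.lower().startswith("program="):
                return a.split("=", 1)[1]
    return None


def classify(path):
    """'system', 'user-writable' or 'other' for the directory the program lives in."""
    p = path.lower().replace("/", "\\")
    if any(p.startswith(x) for x in SYSTEM_PREFIXES):
        return "system"
    if any(p.startswith(x) for x in USER_WRITABLE_PREFIXES):
        return "user-writable"
    return "other"


def detect(events):
    """One finding per record that whitelists a user-writable program or whose parent
    is the program being whitelisted (the 3.exe -> netsh.exe pattern in the report)."""
    findings = []
    for ev in events:
        prog = allowed_program(ev["CommandLine"])
        if prog is None:
            continue
        parent = ev.get("ParentImage", "")
        self_whitelist = parent.lower() == prog.lower()
        where = classify(prog)
        if where == "user-writable" or self_whitelist:
            findings.append({
                "program": prog,
                "location": where,
                "parent": PureWindowsPath(parent).name,
                "self_whitelist": self_whitelist,
                "severity": "high" if self_whitelist else "medium",
            })
    return findings


SAMPLE_EVENTS = [  # constructed; the first record mirrors the netsh call in the report
    {"Image": r"C:\Windows\SysWOW64\netsh.exe",
     "CommandLine": r'netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\3.exe" "3.exe" ENABLE',
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\3.exe"},
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": r'netsh advfirewall firewall add rule name="Corp VPN" dir=in action=allow program="C:\Program Files\CorpVPN\vpn.exe" enable=yes',
     "ParentImage": r"C:\Windows\System32\msiexec.exe"},
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": r'netsh advfirewall firewall add rule name="Updater" dir=in action=allow program="C:\ProgramData\Updater\upd.exe"',
     "ParentImage": r"C:\ProgramData\Updater\upd.exe"},
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh interface ip show config",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]
```

Feed it Sysmon event 1 or an EDR's process-creation records; the parent-equals-program rule alone gives a high-confidence hit with essentially no legitimate matches, while the user-writable-path rule catches the same behaviour when the rule is added through an intermediate cmd.exe.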

              Stealing of Sensitive Information

              Source: Yara match | File source: 2.0.1.exe.1f2cb290000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
              Source: Yara match | File source: 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: qdHMT36Tn9.exe PID: 1984, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: 1.exe PID: 4292, type: MEMORYSTR
              Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\1.exe, type: DROPPED
              Source: Yara match | File source: 3.0.3.exe.5c0000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
              Source: Yara match | File source: 00000003.00000002.4480531198.0000000002D61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: qdHMT36Tn9.exe PID: 1984, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: 3.exe PID: 5656, type: MEMORYSTR
              Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\3.exe, type: DROPPED
              Source: Yara match | File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe, type: DROPPED
              Source: Yara match | File source: 2.0.1.exe.1f2cb290000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
              Source: Yara match | File source: 00000002.00000002.2051820157.000001F2CD109000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: qdHMT36Tn9.exe PID: 1984, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: 1.exe PID: 4292, type: MEMORYSTR
              Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\1.exe, type: DROPPED
              Source: qdHMT36Tn9.exe, 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Electrum
              Source: qdHMT36Tn9.exe, 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: JaxxDir
              Source: qdHMT36Tn9.exe, 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %\Wallets\DashCore\)\DashCore\wallet.dat#\Electrum\wallets%\Wallets\Electrum\%\Ethereum\keystore%\Wallets\Ethereum\-\Exodus\exodus.wallet\!\Wallets\Exodus\m\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
              Source: qdHMT36Tn9.exe, 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ExodusDir
              Source: qdHMT36Tn9.exe, 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Ethereum
              Source: C:\Users\user\AppData\Local\Temp\1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
              Source: C:\Users\user\AppData\Local\Temp\1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
              Source: C:\Users\user\AppData\Local\Temp\1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
              Source: C:\Users\user\AppData\Local\Temp\1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Users\user\AppData\Local\Temp\1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\AppData\Local\Temp\1.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Users\user\AppData\Local\Temp\1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
              Source: C:\Users\user\AppData\Local\Temp\1.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
              Source: C:\Users\user\AppData\Local\Temp\1.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
              Source: C:\Users\user\AppData\Local\Temp\1.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
              Source: C:\Users\user\AppData\Local\Temp\1.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
              Source: C:\Users\user\AppData\Local\Temp\1.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
              Source: C:\Users\user\AppData\Local\Temp\1.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
              Source: Yara match | File source: 2.0.1.exe.1f2cb290000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
              Source: Yara match | File source: 00000002.00000002.2051820157.000001F2CD109000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: qdHMT36Tn9.exe PID: 1984, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: 1.exe PID: 4292, type: MEMORYSTR
              Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\1.exe, type: DROPPED
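The "File opened" evidence above is the stealer's whole collection phase in a dozen lines: one process in %TEMP% sweeps Firefox key and history databases, the Chromium Login Data and Web Data stores of two browsers, and four wallet directories within seconds. A browser reading its own profile is normal; a single unrelated process reading several of these categories in a short window is not. The following is an example added by the editor, not code from the Joe Sandbox report or from the sample: it classifies file-open events against the stores listed in the report, ignores processes that own the store they read, and raises one finding per process that touches at least two foreign categories inside a time window. The event shape (constructed, EDR-like file-open records), the owner table and the thresholds are this example's own assumptions.

```python
"""Spot one process sweeping browser credential stores and wallet directories.

Added example (editor's code, not from the Joe Sandbox report or the sample).
The 1.exe paths in SAMPLE_EVENTS are the ones the report lists as opened; the event
shape, owner table and thresholds are assumptions.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sensitive stores by category, matched case-insensitively against the opened path.
# Assumption: drawn from the report's "File opened" lines plus the usual Chromium/Firefox files.
STORE_PATTERNS = {
    "chromium-logins":  re.compile(r"\\user data\\[^\\]+\\login data$"),
    "chromium-webdata": re.compile(r"\\user data\\[^\\]+\\web data$"),
    "chromium-cookies": re.compile(r"\\user data\\[^\\]+\\(network\\)?cookies$"),
    "firefox-keys":     re.compile(r"\\firefox\\profiles\\[^\\]+\\(key4\.db|cert9\.db|logins\.json)$"),
    "firefox-history":  re.compile(r"\\firefox\\profiles\\[^\\]+\\(places|cookies)\.sqlite$"),
    "wallet-electrum":  re.compile(r"\\appdata\\roaming\\electrum\\wallets\\?$"),
    "wallet-exodus":    re.compile(r"\\appdata\\roaming\\exodus\\exodus\.wallet\\?$"),
    "wallet-atomic":    re.compile(r"\\appdata\\roaming\\atomic\\local storage\\leveldb\\?$"),
    "wallet-jaxx":      re.compile(r"\\com\.liberty\.jaxx\\indexeddb\\[^\\]+\\?$"),
}

# Processes expected to read their own stores (assumption: tune per estate).
OWNERS = {
    "chrome.exe":   {"chromium-logins", "chromium-webdata", "chromium-cookies"},
    "msedge.exe":   {"chromium-logins", "chromium-webdata", "chromium-cookies"},
    "firefox.exe":  {"firefox-keys", "firefox-history"},
    "electrum.exe": {"wallet-electrum"},
    "exodus.exe":   {"wallet-exodus"},
}


def categorize(path):
    """Category name for a sensitive store path, or None for anything else."""
    p = path.lower()
    for cat, rx in STORE_PATTERNS.items():
        if rx.search(p):
            return cat
    return None


def detect(events, min_categories=2, window_s=60):
    """Findings for processes reading >= min_categories foreign store categories within window_s.

    events: dicts with ts (seconds), image (process path), path (file opened)."""
    touched = defaultdict(list)                       # image -> [(ts, category)]
    for ev in events:
        cat = categorize(ev["path"])
        if cat is None:
            continue
        if cat in OWNERS.get(PureWindowsPath(ev["image"]).name.lower(), set()):
            continue                                  # a browser reading its own profile
        touched[ev["image"]].append((ev["ts"], cat))
    findings = []
    for image, hits in touched.items():
        hits.sort()
        for t0, _ in hits:                            # sliding window anchored on each hit
            cats = {c for t, c in hits if t0 <= t <= t0 + window_s}
            if len(cats) >= min_categories:
                findings.append({"image": image, "categories": sorted(cats), "first_seen": t0})
                break
    return findings


SAMPLE_EVENTS = [  # constructed; timestamps and benign rows are invented
    {"ts": 5, "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"ts": 6, "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "path": "C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\v6zchhhv.default-release\\key4.db"},
    {"ts": 7, "image": "C:\\Windows\\System32\\notepad.exe", "path": "C:\\Users\\user\\Documents\\notes.txt"},
] + [
    {"ts": 10 + i, "image": "C:\\Users\\user\\AppData\\Local\\Temp\\1.exe", "path": p}
    for i, p in enumerate([  # the paths the report lists 1.exe opening
        "C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\v6zchhhv.default-release\\cookies.sqlite",
        "C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\v6zchhhv.default-release\\cert9.db",
        "C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\v6zchhhv.default-release\\places.sqlite",
        "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data",
        "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
        "C:\\Users\\user\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data",
        "C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\v6zchhhv.default-release\\key4.db",
        "C:\\Users\\user\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\",
        "C:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\",
        "C:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet\\",
        "C:\\Users\\user\\AppData\\Roaming\\com.liberty.jaxx\\IndexedDB\\file__0.indexeddb.leveldb\\",
    ])
]
```

Counting distinct categories rather than raw opens is what keeps the rule quiet: backup agents and indexers touch many files but rarely both a Firefox key4.db and an Exodus wallet directory from the same image within a minute.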

              Remote Access Functionality

              Source: Yara match | File source: 2.0.1.exe.1f2cb290000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
              Source: Yara match | File source: 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: qdHMT36Tn9.exe PID: 1984, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: 1.exe PID: 4292, type: MEMORYSTR
              Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\1.exe, type: DROPPED
              Source: Yara match | File source: 3.0.3.exe.5c0000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
              Source: Yara match | File source: 00000003.00000002.4480531198.0000000002D61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: qdHMT36Tn9.exe PID: 1984, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: 3.exe PID: 5656, type: MEMORYSTR
              Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\3.exe, type: DROPPED
              Source: Yara match | File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe, type: DROPPED
              Source: Yara match | File source: 2.0.1.exe.1f2cb290000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
              Source: Yara match | File source: 00000002.00000002.2051820157.000001F2CD109000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: qdHMT36Tn9.exe PID: 1984, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: 1.exe PID: 4292, type: MEMORYSTR
              Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\1.exe, type: DROPPED
              MITRE ATT&CK Matrix (per tactic; the number in parentheses is the count of matching behaviour signatures, entries without a count are template cells of the matrix that no signature matched)

              Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
              Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
              Initial Access: Replication Through Removable Media (1); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
              Execution: Windows Management Instrumentation (121); Native API (11); Command and Scripting Interpreter (2); Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
              Persistence: DLL Side-Loading (1); Registry Run Keys / Startup Folder (221); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
              Privilege Escalation: DLL Side-Loading (1); Access Token Manipulation (1); Process Injection (12); Registry Run Keys / Startup Folder (221); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
              Defense Evasion: Disable or Modify Tools (21); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Software Packing (11); Timestomp (1); DLL Side-Loading (1); Masquerading (1); Virtualization/Sandbox Evasion (151); Access Token Manipulation (1); Process Injection (12)
              Credential Access: OS Credential Dumping (1); Input Capture (1); Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
              Discovery: System Time Discovery (1); Peripheral Device Discovery (1); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (56); Security Software Discovery (241); Process Discovery (2); Virtualization/Sandbox Evasion (151); Application Window Discovery (1); System Owner/User Discovery (1)
              Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
              Collection: Archive Collected Data (1); Data from Local System (3); Input Capture (1); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
              Command and Control: Ingress Tool Transfer (3); Encrypted Channel (11); Non-Standard Port (1); Non-Application Layer Protocol (3); Application Layer Protocol (14); Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
              Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
              Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
              Behavior Graph (ID: 1393956, Sample: qdHMT36Tn9.exe, Start date: 17/02/2024, Architecture: WINDOWS, Score: 100)

              Network:
                freegeoip.app -> 172.67.160.84:443 (CLOUDFLARENETUS, United States); contacted by 1.exe from local port 49705; signature: Tries to detect the country of the analysis system (by using the IP)
                ipbase.com -> 172.67.209.71:443 (CLOUDFLARENETUS, United States); contacted by 1.exe from local port 49706
                mary-cottage.gl.at.ply.gg -> 147.185.221.17:10652 (SALSGIVERUS, United States); contacted by 3.exe from local ports 49707 and 49708

              Signatures on the whole run: Snort IDS alert for network traffic; Multi AV Scanner detection for domain / URL; Found malware configuration; 18 other signatures

              Process tree:
                qdHMT36Tn9.exe (started) | dropped: C:\Users\user\AppData\Local\Temp\3.exe (PE32), C:\Users\user\AppData\Local\Temp\1.exe (PE32) | signature: Found many strings related to Crypto-Wallets (likely being stolen)
                  3.exe (started) | dropped: C:\...\9902b29d6de7130c2f409ab27fb09fa7.exe (PE32) | connects to mary-cottage.gl.at.ply.gg | signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Protects its processes via BreakOnTermination flag; 4 other signatures
                    netsh.exe (started)
                      conhost.exe (started)
                  1.exe (started) | connects to freegeoip.app and ipbase.com | signatures: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Machine Learning detection for dropped file; Tries to harvest and steal browser information (history, passwords, etc); Tries to steal Crypto Currency Wallets
                3.exe (started, three further instances at the root of the graph)

Source | Detection | Scanner | Label
qdHMT36Tn9.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.NjRAT
qdHMT36Tn9.exe | 78% | Virustotal |
qdHMT36Tn9.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe | 100% | Avira | TR/ATRAPS.Gen
C:\Users\user\AppData\Local\Temp\1.exe | 100% | Avira | HEUR/AGEN.1307065
C:\Users\user\AppData\Local\Temp\3.exe | 100% | Avira | TR/ATRAPS.Gen
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\1.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\3.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\1.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.DataStealer
C:\Users\user\AppData\Local\Temp\1.exe | 72% | Virustotal |
C:\Users\user\AppData\Local\Temp\3.exe | 100% | ReversingLabs | ByteCode-MSIL.Backdoor.Ratenjay
C:\Users\user\AppData\Local\Temp\3.exe | 89% | Virustotal |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe | 100% | ReversingLabs | ByteCode-MSIL.Backdoor.Ratenjay
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe | 89% | Virustotal |

No Antivirus matches

Source | Detection | Scanner | Label
ipbase.com | 1% | Virustotal |
freegeoip.app | 0% | Virustotal |
mary-cottage.gl.at.ply.gg | 9% | Virustotal |

Source | Detection | Scanner | Label
http://crl.rootca1.amazontrust.com/rootca1.crl0 | 0% | URL Reputation | safe
http://go.microsoft. | 0% | URL Reputation | safe
http://x1.c.lencr.org/0 | 0% | URL Reputation | safe
http://x1.i.lencr.org/0 | 0% | URL Reputation | safe
http://crt.rootca1.amazontrust.com/rootca1.cer0? | 0% | URL Reputation | safe
mary-cottage.gl.at.ply.gg | 100% | Avira URL Cloud | malware
http://ocsp.rootca1.amazontrust.com0: | 0% | Avira URL Cloud | safe
http://go.microsoft.LinkId=42127 | 0% | Avira URL Cloud | safe
https://discord.com/api/webhooks/1199323175729758268/CBdP8e3cXbL0ED8xKBhMw0ikKHmITu-6CI4WjfttZm2aWGZ | 0% | Avira URL Cloud | safe
https://freegeoip.app | 0% | Virustotal |
https://freegeoip.app/xml/ | 1% | Virustotal |
mary-cottage.gl.at.ply.gg | 9% | Virustotal |
https://discord.com/api/webhooks/1199323175729758268/CBdP8e3cXbL0ED8xKBhMw0ikKHmITu-6CI4WjfttZm2aWGZ | 0% | Virustotal |
https://freegeoip.app/xml/ | 0% | Avira URL Cloud | safe
https://freegeoip.app | 0% | Avira URL Cloud | safe
https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125 | 0% | Avira URL Cloud | safe
http://ipbase.com | 0% | Avira URL Cloud | safe
https://ipbase.com/xml/ | 0% | Avira URL Cloud | safe
https://ipbase.com | 0% | Avira URL Cloud | safe
http://freegeoip.app | 0% | Avira URL Cloud | safe
http://ipbase.com | 1% | Virustotal |
http://freegeoip.app | 0% | Virustotal |
https://ipbase.com/xml/ | 0% | Virustotal |
https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125 | 0% | Virustotal |
https://ipbase.com | 1% | Virustotal |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ipbase.com | 172.67.209.71 | true | false | | unknown
freegeoip.app | 172.67.160.84 | true | true | | unknown
mary-cottage.gl.at.ply.gg | 147.185.221.17 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://freegeoip.app/xml/ | false | 1%, Virustotal; Avira URL Cloud: safe | unknown
mary-cottage.gl.at.ply.gg | true | 9%, Virustotal; Avira URL Cloud: malware | unknown
https://ipbase.com/xml/ | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | false | | high
https://duckduckgo.com/ac/?q= | 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | false | | high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | false | | high
https://steamcommunity.com/profiles/ASOFTWARE | qdHMT36Tn9.exe, 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, 1.exe.0.dr | false | | high
https://freegeoip.app | 1.exe, 00000002.00000002.2051820157.000001F2CD181000.00000004.00000800.00020000.00000000.sdmp, 1.exe, 00000002.00000002.2051820157.000001F2CD192000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | false | | high
http://crl.rootca1.amazontrust.com/rootca1.crl0 | cert9.db.2.dr | false | URL Reputation: safe | unknown
http://go.microsoft. | 3.exe, 00000003.00000002.4479346622.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | false | | high
http://ocsp.rootca1.amazontrust.com0: | cert9.db.2.dr | false | Avira URL Cloud: safe | unknown
http://go.microsoft.LinkId=42127 | 3.exe, 00000003.00000002.4479346622.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low
https://www.ecosia.org/newtab/ | 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | false | | high
https://discord.com/api/webhooks/1199323175729758268/CBdP8e3cXbL0ED8xKBhMw0ikKHmITu-6CI4WjfttZm2aWGZ | qdHMT36Tn9.exe, 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, 1.exe.0.dr | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br | tmpFC74.tmp.tmpdb.2.dr | false | | high
https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125 | 1.exe, 00000002.00000002.2051820157.000001F2CD1C9000.00000004.00000800.00020000.00000000.sdmp, 1.exe, 00000002.00000002.2051820157.000001F2CD24F000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
https://ac.ecosia.org/autocomplete?q= | 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | false | | high
https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0 | qdHMT36Tn9.exe, 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, 3.exe, 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp, 9902b29d6de7130c2f409ab27fb09fa7.exe.3.dr, 3.exe.0.dr | false | | high
http://ipbase.com | 1.exe, 00000002.00000002.2051820157.000001F2CD1F5000.00000004.00000800.00020000.00000000.sdmp | false | 1%, Virustotal; Avira URL Cloud: safe | unknown
http://x1.c.lencr.org/0 | cert9.db.2.dr | false | URL Reputation: safe | unknown
http://x1.i.lencr.org/0 | cert9.db.2.dr | false | URL Reputation: safe | unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | false | | high
http://crt.rootca1.amazontrust.com/rootca1.cer0? | cert9.db.2.dr | false | URL Reputation: safe | unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL | tmpFC74.tmp.tmpdb.2.dr | false | | high
https://api.vimeworld.ru/user/name/ | 1.exe, 00000002.00000002.2051820157.000001F2CD0E1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://api.vimeworld.ru/user/name/5https://freegeoip.app/xml/ | qdHMT36Tn9.exe, 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, 1.exe.0.dr | false | | high
https://support.mozilla.org | tmpFC74.tmp.tmpdb.2.dr | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 1.exe, 00000002.00000002.2051820157.000001F2CD172000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 1.exe, 00000002.00000002.2056331183.000001F2DD16A000.00000004.00000800.00020000.00000000.sdmp, tmpFD24.tmp.dat.2.dr, tmpFCC3.tmp.dat.2.dr | false | | high
https://ipbase.com | 1.exe, 00000002.00000002.2051820157.000001F2CD1D3000.00000004.00000800.00020000.00000000.sdmp | false | 1%, Virustotal; Avira URL Cloud: safe | unknown
http://freegeoip.app | 1.exe, 00000002.00000002.2051820157.000001F2CD19B000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.209.71 | ipbase.com | United States | 13335 | CLOUDFLARENETUS | false
147.185.221.17 | mary-cottage.gl.at.ply.gg | United States | 12087 | SALSGIVERUS | true
172.67.160.84 | freegeoip.app | United States | 13335 | CLOUDFLARENETUS | true
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1393956
Start date and time: 2024-02-17 20:51:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: qdHMT36Tn9.exe
renamed because original name is a hash value
Original Sample Name: 3E5BA25AA4F23CEB11BE209D1967E341.exe
Detection: MAL
Classification: mal100.troj.adwa.spyw.evad.winEXE@11/19@3/3
                                                EGA Information:
                                                • Successful, ratio: 100%
                                                HCA Information:
                                                • Successful, ratio: 97%
                                                • Number of executed functions: 259
                                                • Number of non-executed functions: 99
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe
                                                • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
20:51:55 | API Interceptor | 16x Sleep call for process: 1.exe modified
20:52:03 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 9902b29d6de7130c2f409ab27fb09fa7 "C:\Users\user\AppData\Local\Temp\3.exe" ..
20:52:11 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run 9902b29d6de7130c2f409ab27fb09fa7 "C:\Users\user\AppData\Local\Temp\3.exe" ..
20:52:20 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 9902b29d6de7130c2f409ab27fb09fa7 "C:\Users\user\AppData\Local\Temp\3.exe" ..
20:52:29 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe
20:52:34 | API Interceptor | 412341x Sleep call for process: 3.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
172.67.209.71 | dudick SystemDesk Important Crediential Notification 1.eml | malicious | HTMLPhisher
172.67.209.71 | 123.scr.exe | malicious | Rags Stealer
172.67.209.71 | 123.scr.exe | malicious | Rags Stealer
172.67.209.71 | SecuriteInfo.com.FileRepMalware.dll | malicious | Unknown
172.67.209.71 | case (426).xls | malicious | Unknown
172.67.209.71 | case (61).xls | malicious | Unknown
147.185.221.17 | mFgIWyjDLH.exe | malicious | Njrat
147.185.221.17 | diversion.exe | malicious | Njrat
147.185.221.17 | diversion.exe | malicious | Njrat
147.185.221.17 | Xworm_v3.1.exe | malicious | Unknown
147.185.221.17 | Xworm_v3.1.exe | malicious | Unknown
147.185.221.17 | zlR2uApll8.exe | malicious | Nanocore
147.185.221.17 | XYwaFhn69G.exe | malicious | XWorm
147.185.221.17 | api-ms-win-crt-environment-l1-1-0.exe | malicious | Quasar
147.185.221.17 | Client.exe | malicious | Quasar
147.185.221.17 | at3UORuZ0B.exe | malicious | RevengeRAT
172.67.160.84 | 123.scr.exe | malicious | Rags Stealer
172.67.160.84 | RP.sfx.exe | malicious | 44Caliber Stealer, Rags Stealer
172.67.160.84 | 3vj5tYFb6a.exe | malicious | Snake Keylogger, zgRAT
172.67.160.84 | 7nYkVlcnfx.exe | malicious | Snake Keylogger
172.67.160.84 | Yandex.bin.exe | malicious | 44Caliber Stealer, Rags Stealer
172.67.160.84 | A6KiC17VqI.exe | malicious | Snake Keylogger
172.67.160.84 | ljlZS3NiAP.exe | malicious | Snake Keylogger
Match | Associated Sample Name / URL | Detection | Threat Name | Context
ipbase.com | 64drop.exe | malicious | 44Caliber Stealer, Rags Stealer | 104.21.85.189
ipbase.com | 123.scr.exe | malicious | Unknown | 104.21.85.189
ipbase.com | 123.scr.exe | malicious | Rags Stealer | 172.67.209.71
ipbase.com | 123.scr.exe | malicious | Rags Stealer | 172.67.209.71
ipbase.com | RP.sfx.exe | malicious | 44Caliber Stealer, Rags Stealer | 104.21.85.189
ipbase.com | i6R4NsEd8t.exe | malicious | Snake Keylogger | 104.21.85.189
ipbase.com | 3vj5tYFb6a.exe | malicious | Snake Keylogger, zgRAT | 104.21.28.190
ipbase.com | 7nYkVlcnfx.exe | malicious | Snake Keylogger | 172.67.147.81
ipbase.com | bcAE21roAv.exe | malicious | Snake Keylogger | 172.67.147.81
ipbase.com | VegaStealer_v1.bin.exe | malicious | Ades Stealer, NitroStealer | 75.2.60.5
freegeoip.app | 64drop.exe | malicious | 44Caliber Stealer, Rags Stealer | 104.21.73.97
freegeoip.app | 123.scr.exe | malicious | Unknown | 104.21.73.97
freegeoip.app | 123.scr.exe | malicious | Rags Stealer | 104.21.73.97
freegeoip.app | 123.scr.exe | malicious | Rags Stealer | 172.67.160.84
freegeoip.app | RP.sfx.exe | malicious | 44Caliber Stealer, Rags Stealer | 172.67.160.84
freegeoip.app | i6R4NsEd8t.exe | malicious | Snake Keylogger | 104.21.73.97
freegeoip.app | 3vj5tYFb6a.exe | malicious | Snake Keylogger, zgRAT | 172.67.160.84
freegeoip.app | 7nYkVlcnfx.exe | malicious | Snake Keylogger | 172.67.160.84
freegeoip.app | bcAE21roAv.exe | malicious | Snake Keylogger | 104.21.73.97
freegeoip.app | VegaStealer_v1.bin.exe | malicious | Ades Stealer, NitroStealer | 104.21.73.97
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | setup.exe | malicious | LummaC | 104.21.12.235
CLOUDFLARENETUS | JccyJc1Lds.exe | malicious | Njrat | 104.20.68.143
CLOUDFLARENETUS | XEG062awcu.elf | malicious | Mirai | 104.16.131.96
CLOUDFLARENETUS | file.exe | malicious | LummaC | 104.21.94.211
CLOUDFLARENETUS | file.exe | malicious | LummaC | 104.21.16.186
CLOUDFLARENETUS | https://bmwag-rt-prod2-t.campaign.adobe.com/r/?id=h2ccc12b%2C8d23fb3%2C492093b&p1=//estudiodobrusin.com.ar/wp-estudiodobrusin/estudiodobrusin/ndkyndkyndkyndkyndky/cGF1bC5ib3JnQGVsZGVycy5jb20uYXU= | malicious | Unknown | 104.21.21.233
CLOUDFLARENETUS | damaged_items.wsf | malicious | XWorm | 104.20.68.143
CLOUDFLARENETUS | CustomerSupport [3.4].apk | malicious | Unknown | 172.67.174.84
CLOUDFLARENETUS | CustomerSupport [3.4].apk | malicious | Unknown | 104.21.88.87
CLOUDFLARENETUS | https://cdnstatic.thunderdepthsforger.top | malicious | Unknown | 172.67.139.22
SALSGIVERUS | XDemonsSkeetStyleLeak.jar | malicious | Dynamic Stealer | 147.185.221.16
SALSGIVERUS | XDemonsSkeetStyleLeak.jar | malicious | Dynamic Stealer | 147.185.221.16
SALSGIVERUS | mFgIWyjDLH.exe | malicious | Njrat | 147.185.221.17
SALSGIVERUS | vUqZRQWMkX.elf | malicious | Mirai | 147.168.44.58
SALSGIVERUS | huhu.mpsl.elf | malicious | Mirai | 147.168.203.96
SALSGIVERUS | diversion.exe | malicious | Njrat | 147.185.221.17
SALSGIVERUS | diversion.exe | malicious | Njrat | 147.185.221.17
SALSGIVERUS | Xworm_v3.1.exe | malicious | Unknown | 147.185.221.17
SALSGIVERUS | B.exe | malicious | Cobian RAT | 147.185.221.18
SALSGIVERUS | Xworm_v3.1.exe | malicious | Unknown | 147.185.221.17
CLOUDFLARENETUS | setup.exe | malicious | LummaC | 104.21.12.235
CLOUDFLARENETUS | JccyJc1Lds.exe | malicious | Njrat | 104.20.68.143
CLOUDFLARENETUS | XEG062awcu.elf | malicious | Mirai | 104.16.131.96
CLOUDFLARENETUS | file.exe | malicious | LummaC | 104.21.94.211
CLOUDFLARENETUS | file.exe | malicious | LummaC | 104.21.16.186
CLOUDFLARENETUS | https://bmwag-rt-prod2-t.campaign.adobe.com/r/?id=h2ccc12b%2C8d23fb3%2C492093b&p1=//estudiodobrusin.com.ar/wp-estudiodobrusin/estudiodobrusin/ndkyndkyndkyndkyndky/cGF1bC5ib3JnQGVsZGVycy5jb20uYXU= | malicious | Unknown
                                                                                              • 104.21.21.233
                                                                                              damaged_items.wsfGet hashmaliciousXWormBrowse
                                                                                              • 104.20.68.143
                                                                                              CustomerSupport [3.4].apkGet hashmaliciousUnknownBrowse
                                                                                              • 172.67.174.84
                                                                                              CustomerSupport [3.4].apkGet hashmaliciousUnknownBrowse
                                                                                              • 104.21.88.87
                                                                                              https://cdnstatic.thunderdepthsforger.topGet hashmaliciousUnknownBrowse
                                                                                              • 172.67.139.22
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e
  setup.exe | malicious | LummaC | 172.67.209.71, 172.67.160.84
  damaged_items.wsf | malicious | XWorm | 172.67.209.71, 172.67.160.84
  2fD17D9plg.exe | malicious | AsyncRAT, VenomRAT | 172.67.209.71, 172.67.160.84
  W57Mqdrelm.exe | malicious | RedLine | 172.67.209.71, 172.67.160.84
  SecuriteInfo.com.Win32.RATX-gen.30107.2695.exe | malicious | Remcos | 172.67.209.71, 172.67.160.84
  Grace Engineering and Technical Services.exe | malicious | AgentTesla | 172.67.209.71, 172.67.160.84
  SecuriteInfo.com.Win64.TrojanX-gen.30335.3899.exe | malicious | Unknown | 172.67.209.71, 172.67.160.84
  SecuriteInfo.com.Trojan.MulDropNET.68.25834.10722.exe | malicious | AgentTesla, PureLog Stealer | 172.67.209.71, 172.67.160.84
  SecuriteInfo.com.Win64.TrojanX-gen.30335.3899.exe | malicious | Unknown | 172.67.209.71, 172.67.160.84
  https://officedocverifiercom.godaddysites.com | malicious | Unknown | 172.67.209.71, 172.67.160.84
                                                                                              No context
                                                                                              Process:C:\Users\user\AppData\Local\Temp\1.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 7, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                              Category:dropped
                                                                                              Size (bytes):229376
                                                                                              Entropy (8bit):0.643383182059925
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:A1zkVmvQhyn+Zoz67kMMTNlH333JqN8j/LKXu5Uu/:AlM0sCyW
                                                                                              MD5:F23F48363C7BAA0709698208A7E833A0
                                                                                              SHA1:07D2AEE271A0F2BA14608FE5A9A677E2594D22CC
                                                                                              SHA-256:51DFB72705CBEB6AF5A14F2BE20FC39172E86263E25704F50BEB292F776B7713
                                                                                              SHA-512:F8F16198A96F047E320EF82026160EBD5A0836B48FC3496C427F90965CF3BF5FAB5EBE0FB9016E3BDE56657EB42627D7286AED3167A422D69F865524892C3DFA
                                                                                              Malicious:false
                                                                                              Reputation:moderate, very likely benign file
                                                                                              Process:C:\Users\user\AppData\Local\Temp\1.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):294912
                                                                                              Entropy (8bit):0.08438200565341271
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23v4U:51zkVmvQhyn+Zoz67NU
                                                                                              MD5:F7EEE7B0D281E250D1D8E36486F5A2C3
                                                                                              SHA1:309736A27E794672BD1BDFBAC69B2C6734FC25CE
                                                                                              SHA-256:378DD46FE8A8AAC2C430AE8A7C5C1DC3C2A343534A64A263EC9A4F1CE801985E
                                                                                              SHA-512:CE102A41CA4E2A27CCB27F415D2D69A75A0058BA0F600C23F63B89F30FFC982BA48336140714C522B46CC6D13EDACCE3DF0D6685D02844B8DB0AD3378DB9CABB
                                                                                              Malicious:false
                                                                                              Reputation:moderate, very likely benign file
                                                                                              Process:C:\Users\user\AppData\Local\Temp\1.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):623
                                                                                              Entropy (8bit):4.091770284971255
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:pYcCFWl4BjJTVIK923fypwSTeljUIAknnXmZu0GhOST7Y7V1nA67X:pYzdhgtSTeNDnXEV2ZT07V1A6r
                                                                                              MD5:D55FD9941577BDB006F2CA7939E87843
                                                                                              SHA1:B553830E24EA5D008F8512B9A359A8D821D4EAA1
                                                                                              SHA-256:A5E77E9559E86744CEDCC151F776523BB5B0EB5CEAB0FAA83FBDDDDEBB044C0D
                                                                                              SHA-512:BD13B95466A71C5910981C38D3F3949613956225C2FAE3AB28033C23203DC4101B9A6AFF1B76836E13BA48F7690102831B6051304817DD017BAE302DD4D9DDC5
                                                                                              Malicious:false
                                                                                              Reputation:low
                                                                                              Preview: ==================================================. Operating system: Windows 10 Pro (64 Bit). PC user: 721680/user. ClipBoard: . Launch: C:\Users\user\AppData\Local\Temp\1.exe. ==================================================. Screen resolution: 1280x1024. Current time: 17/02/2024 22:51:47. HWID: 23A6FBB218. ==================================================. CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz. RAM: 4094MB. GPU: C9FD68. ==================================================. IP Geolocation: Fail Fail. Log Date: 02/17/2024 8:51. BSSID: 00:50:56:a7:21:15. ==================================================
                                                                                              Process:C:\Users\user\AppData\Local\Temp\1.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):4307
                                                                                              Entropy (8bit):4.805904158095785
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:XqBmnBQUHIBqBBqqBBqBBBB0BBBqBuqBqBqXsxBBxBqBpqYB+PtrqqBqqBpBBBq2:EzUt7H176ztgG5p6
                                                                                              MD5:16463B329A2799E28B3F92933476C63F
                                                                                              SHA1:CFDB46776B2F7652FA5697876F17923D5C997BF7
                                                                                              SHA-256:F9366F41F64AF1E0F0F2CC02FA748E07D3B1CFC4F8E7145A7FED108DF0A79C23
                                                                                              SHA-512:78B4859B10D437B206E25E7DC5418D54080020532B3D91871C6D9DF1B3CF5D598BE70BC2824438180F17CEFCC4ACC7B30BE29B3069D469AA6FD5D854E77BDC8D
                                                                                              Malicious:false
                                                                                              Reputation:low
                                                                                              Preview:NAME: svchost..NAME: svchost..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: upfc..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: RuntimeBroker..NAME: csrss..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: svchost..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: svchost..NAME: svchost..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: svchost..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: conhost..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: svchost..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: sihost..NAME: svchost..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: svchost..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: svchost..NAME: dllhost..NAME: fontdrvhost..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: fontdrvhost..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: svchost..NAME: AyDpbcQrktAOlHrMBPpTZi..NAME: StartMenuExperienceHost..NAME: svchost..NAME: cscript..NAME: AyDpbcQrkt
                                                                                              Process:C:\Users\user\AppData\Local\Temp\1.exe
                                                                                              File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                                              Category:dropped
                                                                                              Size (bytes):710642
                                                                                              Entropy (8bit):7.927511630010842
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:fFYjDPCAlHHKH9GEJ2Qg8QaB2GIyYRPrsEeLmeogwvVq4TqY8CxIfLKsWYns7:NYjDPtlnKdVJ5g8QaMLyYxFgwAuqjCxr
                                                                                              MD5:961DDDDA1B2524DADFD96CAF20D349CC
                                                                                              SHA1:789904C3AA3E7150E2BE026E2A831957F526FCBB
                                                                                              SHA-256:07D0F72DB9AF1750508452ACB52AC6A69AA1EE964DB03F693D6AB71C2BEFDB58
                                                                                              SHA-512:FA09AD832B055177DF46C51D8ED56BCA37DC223AEC6579377C91E96F1E0BF19456F0B0AF80AA61C5D91C4494EEACFF0798BD11200100F4C617451E8CC06A7AB2
                                                                                              Malicious:false
                                                                                              Reputation:low
                                                                                              Process:C:\Users\user\AppData\Local\Temp\3.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):525
                                                                                              Entropy (8bit):5.259753436570609
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                                                                                              MD5:260E01CC001F9C4643CA7A62F395D747
                                                                                              SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                                                                                              SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                                                                                              SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                                                                                              Malicious:false
                                                                                              Reputation:moderate, very likely benign file
                                                                                              Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..
                                                                                              Process:C:\Users\user\AppData\Local\Temp\1.exe
                                                                                              File Type:CSV text
                                                                                              Category:dropped
                                                                                              Size (bytes):1498
                                                                                              Entropy (8bit):5.364175471524945
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:ML9E4KQEAE4KKUNt1qE4GIsCKDE4KGKZI6KhPKIE4TKBGKoPE4K6sXE4Npv:MxHKQEAHKKkt1qHGIsCYHKGSI6oPtHTy
                                                                                              MD5:D70164A2669BAC5564AE9329650DB5AE
                                                                                              SHA1:D918ED8E2C94480B29A5FD1403F32C9555CADB60
                                                                                              SHA-256:1795A022ED26274E44D1C5FE93C7CEDD53D18378FA2DF5B6EF91408F234B8A95
                                                                                              SHA-512:82E357E433C1AFB7026A4E6D146743A0720C6E67062349CAC2795EC70A6B76B210F84A64CFEAB94D406AAA55D98A5BEAF5054FED9D0A322B66ED10BE15DAB9B5
                                                                                              Malicious:false
                                                                                              Reputation:low
                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906
                                                                                              Process:C:\Users\user\Desktop\qdHMT36Tn9.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):546816
                                                                                              Entropy (8bit):4.529560276622592
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:ef+BLtABPDLgj1xw1eO5rbMMzhgUsYqTXGG/5zJRb2IXe05f4VGWWxjdq:d161eO5rbHHsYqTXGOXXe+4k8
                                                                                              MD5:0CE3051B867D50AA172D1B332F156E3E
                                                                                              SHA1:F87DEFE312CB3A5EFEA3F845D187762E153BDDAB
                                                                                              SHA-256:5AC29F18472F943F2EB3C256FDBFE251B04CA66AFC22FCBA65183B0509FEB529
                                                                                              SHA-512:5169A3ACD3C79CC4D22BF3A1F4D9770797D2C31503BAB1022A153AD56C382E495DE2CE06A8A04B3BB4B2FB2C666575DCDEFA26533FF5AFFC4B6CE126E2166193
                                                                                              Malicious:true
                                                                                              Yara Hits:
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\1.exe, Author: Joe Security
                                                                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\1.exe, Author: Joe Security
                                                                                              • Rule: JoeSecurity_RagsStealer, Description: Yara detected Rags Stealer, Source: C:\Users\user\AppData\Local\Temp\1.exe, Author: Joe Security
                                                                                              • Rule: JoeSecurity_44CaliberStealer, Description: Yara detected 44Caliber Stealer, Source: C:\Users\user\AppData\Local\Temp\1.exe, Author: Joe Security
                                                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: C:\Users\user\AppData\Local\Temp\1.exe, Author: ditekSHen
• Rule: INDICATOR_SUSPICIOUS_EXE_References_VPN, Description: Detects executables referencing many VPN software clients. Observed in infostealers, Source: C:\Users\user\AppData\Local\Temp\1.exe, Author: ditekSHen
                                                                                              • Rule: MALWARE_Win_A310Logger, Description: Detects A310Logger, Source: C:\Users\user\AppData\Local\Temp\1.exe, Author: ditekSHen
                                                                                              Antivirus:
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              • Antivirus: ReversingLabs, Detection: 76%
• Antivirus: Virustotal, Detection: 72%
                                                                                              Process:C:\Users\user\Desktop\qdHMT36Tn9.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):37888
                                                                                              Entropy (8bit):5.574290361725228
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:K+xcaCisP/WRdL5kyc/5kvHHng6sZ8prAF+rMRTyN/0L+EcoinblneHQM3epzX6r:nxckD5nc/5k/VscrM+rMRa8NuU5t
                                                                                              MD5:6D11195AF6CCA04EB53ECCF9AAF329DC
                                                                                              SHA1:85F70D6FCFF5212649DEAF1D18E66D563727C186
                                                                                              SHA-256:4C690A994E22EB6AA31AF6E552B610EA1FF01AC58622D56232AD6E820C2AA414
                                                                                              SHA-512:76A59B8164A478691D14BE7E5D002280EC5453CB6D9F73387AD45E49755D03927F3814C42DF987A4DC61C942E9E7B25AB9559651981020BF53AD56A8E4E65C8B
                                                                                              Malicious:true
                                                                                              Yara Hits:
                                                                                              • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Local\Temp\3.exe, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\3.exe, Author: unknown
                                                                                              • Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Local\Temp\3.exe, Author: Brian Wallace @botnet_hunter
                                                                                              • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Local\Temp\3.exe, Author: ditekSHen
                                                                                              Antivirus:
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              • Antivirus: ReversingLabs, Detection: 100%
                                                                                              • Antivirus: Virustotal, Detection: 89%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Bv.e................................ ........@.. ....................................@.................................|...O.......@............................................................................ ............... ..H............text....... ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B........................H........e...E..........................................................&.(......**..(......*.s.........s.........s.........s..........*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0.............(....(.....+..*...0............(.....+..*.0................(.....+..*.0............(.....+..*.0.. ...................,.(...+.+.+....+...*.0...........................**..(......*....0..&........~..............,.(...+.
                                                                                              Process:C:\Users\user\AppData\Local\Temp\1.exe
                                                                                              File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):5242880
                                                                                              Entropy (8bit):0.03859996294213402
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
                                                                                              MD5:D2A38A463B7925FE3ABE31ECCCE66ACA
                                                                                              SHA1:A1824888F9E086439B287DEA497F660F3AA4B397
                                                                                              SHA-256:474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
                                                                                              SHA-512:62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                              Process:C:\Users\user\AppData\Local\Temp\1.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                              Category:dropped
                                                                                              Size (bytes):106496
                                                                                              Entropy (8bit):1.136413900497188
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                              Process:C:\Users\user\AppData\Local\Temp\1.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):40960
                                                                                              Entropy (8bit):0.8553638852307782
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                              Process:C:\Users\user\AppData\Local\Temp\1.exe
                                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                              Category:dropped
                                                                                              Size (bytes):98304
                                                                                              Entropy (8bit):0.08235737944063153
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                              Process:C:\Users\user\AppData\Local\Temp\1.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                              Category:dropped
                                                                                              Size (bytes):106496
                                                                                              Entropy (8bit):1.136413900497188
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                              Process:C:\Users\user\AppData\Local\Temp\1.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                              Category:dropped
                                                                                              Size (bytes):196608
                                                                                              Entropy (8bit):1.121297215059106
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                              Process:C:\Users\user\AppData\Local\Temp\1.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                              Category:dropped
                                                                                              Size (bytes):196608
                                                                                              Entropy (8bit):1.121297215059106
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                              Process:C:\Users\user\AppData\Local\Temp\1.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):51200
                                                                                              Entropy (8bit):0.8746135976761988
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                              Process:C:\Users\user\AppData\Local\Temp\3.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):37888
                                                                                              Entropy (8bit):5.574290361725228
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:K+xcaCisP/WRdL5kyc/5kvHHng6sZ8prAF+rMRTyN/0L+EcoinblneHQM3epzX6r:nxckD5nc/5k/VscrM+rMRa8NuU5t
                                                                                              MD5:6D11195AF6CCA04EB53ECCF9AAF329DC
                                                                                              SHA1:85F70D6FCFF5212649DEAF1D18E66D563727C186
                                                                                              SHA-256:4C690A994E22EB6AA31AF6E552B610EA1FF01AC58622D56232AD6E820C2AA414
                                                                                              SHA-512:76A59B8164A478691D14BE7E5D002280EC5453CB6D9F73387AD45E49755D03927F3814C42DF987A4DC61C942E9E7B25AB9559651981020BF53AD56A8E4E65C8B
                                                                                              Malicious:true
                                                                                              Yara Hits:
                                                                                              • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe, Author: unknown
                                                                                              • Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe, Author: Brian Wallace @botnet_hunter
                                                                                              • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9902b29d6de7130c2f409ab27fb09fa7.exe, Author: ditekSHen
                                                                                              Antivirus:
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              • Antivirus: ReversingLabs, Detection: 100%
                                                                                              • Antivirus: Virustotal, Detection: 89%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Bv.e................................ ........@.. ....................................@.................................|...O.......@............................................................................ ............... ..H............text....... ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B........................H........e...E..........................................................&.(......**..(......*.s.........s.........s.........s..........*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0.............(....(.....+..*...0............(.....+..*.0................(.....+..*.0............(.....+..*.0.. ...................,.(...+.+.+....+...*.0...........................**..(......*....0..&........~..............,.(...+.
                                                                                              Process:C:\Windows\SysWOW64\netsh.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):313
                                                                                              Entropy (8bit):4.971939296804078
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
                                                                                              MD5:689E2126A85BF55121488295EE068FA1
                                                                                              SHA1:09BAAA253A49D80C18326DFBCA106551EBF22DD6
                                                                                              SHA-256:D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
                                                                                              SHA-512:C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
                                                                                              Malicious:false
                                                                                              Preview:..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.259721475252686
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:qdHMT36Tn9.exe
File size:471'910 bytes
MD5:3e5ba25aa4f23ceb11be209d1967e341
SHA1:c25a05acb5231776456d08fad7df0e48d92931c0
SHA256:518f22ac3dfb39779d6b21fdd230b71db39453f73b42f411009a0afe7dbbe818
SHA512:184243d51766bf8d292308e0177046f88e0eb55201eddc9d14670dd3d526c5ed6026c03c88227698670f451f43a3e4f1378f51f2334a9b54d83bb2bc677b0c04
SSDEEP:6144:jE+yclwQKjdn+WPtYVJIoBfRT+tkbOSeC2xDjAzQeOOg7Y55HkVSGsc:jBdlwHRn+WlYV+8T+tkKC0EEE17HkV8c
TLSH:56A4E113FAC1D0B2D03219321669CB61A6BC7C101F254BEB63D97D3DEA251D2AB317A7
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........W...6...6...6....V..6....T.'6....U..6..)MZ..6..)M...6..)M...6..)M...6...N$..6...N4..6...6...7..'M...6..'M...6..'MX..6..'M...6.
Icon Hash:1515d4d4442f2d2d
Entrypoint:0x421d50
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:0x651BC7F7 [Tue Oct 3 07:51:19 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:75e9596d74d063246ba6f3ac7c5369a0
Instruction
call 00007FB5F189140Bh
jmp 00007FB5F1890DBDh
int3
int3
int3
int3
int3
int3
push 00424F20h
push dword ptr fs:[00000000h]
mov eax, dword ptr [esp+10h]
mov dword ptr [esp+10h], ebp
lea ebp, dword ptr [esp+10h]
sub esp, eax
push ebx
push esi
push edi
mov eax, dword ptr [0044277Ch]
xor dword ptr [ebp-04h], eax
xor eax, ebp
push eax
mov dword ptr [ebp-18h], esp
push dword ptr [ebp-08h]
mov eax, dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFEh
mov dword ptr [ebp-08h], eax
lea eax, dword ptr [ebp-10h]
mov dword ptr fs:[00000000h], eax
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov ecx, dword ptr [ebp-10h]
mov dword ptr fs:[00000000h], ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
ret
push ebp
mov ebp, esp
sub esp, 0Ch
lea ecx, dword ptr [ebp-0Ch]
call 00007FB5F18834E1h
push 0043F388h
lea eax, dword ptr [ebp-0Ch]
push eax
call 00007FB5F1893935h
int3
jmp 00007FB5F1895808h
push ebp
mov ebp, esp
and dword ptr [00466078h], 00000000h
sub esp, 24h
or dword ptr [004427B0h], 01h
push 0000000Ah
call dword ptr [004361D0h]
test eax, eax
je 00007FB5F18910F2h
and dword ptr [ebp-10h], 00000000h
xor eax, eax
push ebx
push esi
push edi
xor ecx, ecx
lea edi, dword ptr [ebp-24h]
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
--- | --- | --- | ---
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x405c0 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x405f4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x68000 | 0xe044 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x77000 | 0x255c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3e3b0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x388b0 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x36000 | 0x278 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3fa9c | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
--- | --- | --- | --- | --- | --- | --- | --- | --- | ---
.text | 0x1000 | 0x345cc | 0x34600 | b7a8b04ab2248443b05e8133fb3a9064 | False | 0.5887343377088305 | data | 6.708390817791953 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x36000 | 0xb410 | 0xb600 | a418919d63b67e937555eec95d3b6bcb | False | 0.45409083104395603 | Applesoft BASIC program data, first line number 4 | 5.215945456388312 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x42000 | 0x24758 | 0x1200 | d8d5c95192b51ddad1857caa38e7daa9 | False | 0.4049479166666667 | data | 4.078919796039023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x67000 | 0x1a4 | 0x200 | ee74a17c4eeb586c9811481b77498b43 | False | 0.4609375 | data | 3.5194570553957747 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x68000 | 0xe044 | 0xe200 | e1d0c28d23b6b5c7cae80fcd7a967218 | False | 0.6343853705752213 | data | 6.80236513212897 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x77000 | 0x255c | 0x2600 | 699c6b2b1b2acad2d0f219d9328713af | False | 0.783203125 | data | 6.6660836278877325 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
--- | --- | --- | --- | --- | --- | ---
PNG | 0x68644 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | | | 1.0027729636048528
PNG | 0x6918c | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | | | 0.9363390441839495
RT_ICON | 0x6a738 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | | | 0.47832369942196534
RT_ICON | 0x6aca0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | | | 0.5410649819494585
RT_ICON | 0x6b548 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | | | 0.4933368869936034
RT_ICON | 0x6c3f0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | | | 0.5390070921985816
RT_ICON | 0x6c858 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | | | 0.41393058161350843
RT_ICON | 0x6d900 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | | | 0.3479253112033195
RT_ICON | 0x6fea8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9809269502193401
RT_DIALOG | 0x73c1c | 0x2ba | data | | | 0.5286532951289399
RT_DIALOG | 0x73ed8 | 0x13a | data | | | 0.6560509554140127
RT_DIALOG | 0x74014 | 0xf2 | data | | | 0.71900826446281
RT_DIALOG | 0x74108 | 0x14a | data | | | 0.6
RT_DIALOG | 0x74254 | 0x314 | data | | | 0.47588832487309646
RT_DIALOG | 0x74568 | 0x24a | data | | | 0.6279863481228669
RT_STRING | 0x747b4 | 0x1fc | data | | | 0.421259842519685
RT_STRING | 0x749b0 | 0x246 | data | | | 0.41924398625429554
RT_STRING | 0x74bf8 | 0x1a6 | data | | | 0.514218009478673
RT_STRING | 0x74da0 | 0xdc | data | | | 0.65
RT_STRING | 0x74e7c | 0x470 | data | | | 0.3873239436619718
RT_STRING | 0x752ec | 0x164 | data | | | 0.5056179775280899
RT_STRING | 0x75450 | 0x110 | data | | | 0.5772058823529411
RT_STRING | 0x75560 | 0x158 | data | | | 0.4563953488372093
RT_STRING | 0x756b8 | 0xe8 | data | | | 0.5948275862068966
RT_STRING | 0x757a0 | 0xe6 | data | | | 0.5695652173913044
RT_GROUP_ICON | 0x75888 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x758f0 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.3957333333333333
DLL | Import
--- | ---
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetTimeFormatW, GetDateFormatW, LocalFree, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapReAlloc, HeapAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
--- | --- | --- | --- | --- | --- | --- | ---
02/17/24-20:52:04.259395 | TCP | 2825563 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) | 49707 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:52:49.072739 | TCP | 2814860 | ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) | 49720 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:53:09.235022 | TCP | 2814860 | ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) | 49724 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:53:15.853737 | TCP | 2814860 | ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) | 49725 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:55:23.326434 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49749 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:52:11.034301 | TCP | 2825563 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) | 49708 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:55:18.141345 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49748 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:55:07.732975 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49746 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:55:02.386885 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49745 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:55:12.949378 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49747 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:52:38.776331 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49719 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:54:51.562322 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49743 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:54:56.964928 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49744 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:55:16.567473 | TCP | 2825564 | ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) | 49747 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:52:24.696429 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49717 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:52:31.906944 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49718 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:52:53.150930 | TCP | 2814860 | ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) | 49722 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:52:17.604122 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49716 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:53:11.846735 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49725 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:55:28.458601 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49750 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:55:54.853217 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49755 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:54:46.089995 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49742 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:52:58.615681 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49723 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:54:40.466833 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49741 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:55:39.466746 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49752 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:53:05.382586 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49724 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:54:34.811467 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49740 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:55:59.597580 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49756 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:55:34.464701 | TCP | 2033132 | ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) | 49751 | 10652 | 192.168.2.5 | 147.185.221.17
                                                                                              02/17/24-20:55:28.798105TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975010652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:34.764199TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975110652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:52.098391TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4972210652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:49.734616TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975410652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:45.642655TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4972010652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:39.797300TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975210652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:44.790001TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975310652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:31.906944TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4971810652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:28.653198TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973910652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:24.391981TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4971710652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:35.919369TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4971810652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:21.864454TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973810652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:17.298204TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4971610652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:15.940296TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973710652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:38.776331TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4971910652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:03.325082TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973510652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:58.433164TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4975510652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:56:01.071896TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4975610652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:57.092450TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973410652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:09.959178TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973610652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:59.278876TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975610652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:44.467327TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975310652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:27.778338TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4971710652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:17.604122TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4971610652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:24.696429TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4971710652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:11.034301TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4970810652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:18.307570TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4971610652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:25.040431TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4972910652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:44.248452TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973210652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:25.770567TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4973810652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:49.433586TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975410652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:04.259395TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4970710652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:18.507651TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4972810652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:50.736922TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973310652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:23.647835TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974910652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:54.388467TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975510652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:52.690799TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4973310652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:28.982204TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4972910652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:27.598799TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974910652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:22.343303TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4972810652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:31.595838TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4971810652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:38.473071TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4971910652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:35.408526TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4973010652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:32.523742TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4975010652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:01.316397TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974410652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:55.861168TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974310652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:50.393995TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974210652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:06.615566TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974510652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:11.913957TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974610652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:19.572153TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4972810652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:39.102451TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974010652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:18.199865TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4972810652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:17.086051TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974710652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:22.416223TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974810652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:44.777989TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974110652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:09.235022TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4972410652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:58.615681TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4972310652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:05.034795TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4972410652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:11.528070TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4972510652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:51.799554TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4972210652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:58.312088TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4972310652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:28.983704TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973910652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:13.250021TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974710652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:10.263467TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973610652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:22.169858TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973810652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:57.269542TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974410652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:18.464218TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974810652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:51.047431TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973310652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:16.249447TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973710652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:37.752783TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973110652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:45.336723TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4972010652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:57.407277TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973410652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:02.706342TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974510652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:31.237871TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973010652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:08.024603TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974610652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:03.647201TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973510652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:31.544107TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973010652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:40.792497TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974110652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:35.114530TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974010652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:44.566584TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973210652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:51.869617TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974310652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:38.074175TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973110652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:46.401491TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974210652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:54.912197TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4973310652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:53.691251TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4975410652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:58.692906TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4975510652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:48.544889TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4973210652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:01.281165TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4973410652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:41.995232TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4973110652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:07.631530TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4973510652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:43.699808TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4975210652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:48.795743TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4975310652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:56:01.071896TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4975610652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:18.307570TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4971610652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:20.056141TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4973710652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:32.523742TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4975010652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:55:38.656173TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4975110652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:35.408526TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4973010652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:14.174404TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4973610652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:25.770567TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4973810652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:53.150930TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4972210652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:52.098391TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4972210652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:35.919369TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4971810652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:33.408174TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4973910652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:27.778338TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4971710652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:04.094268TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4970710652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:49.072739TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4972010652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:54:44.533872TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4974110652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:45.642655TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4972010652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:53:24.727442TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4972910652192.168.2.5147.185.221.17
                                                                                              02/17/24-20:52:10.711575TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4970810652192.168.2.5147.185.221.17
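Every alert in the table above targets the same endpoint, 147.185.221.17:10652, from a run of consecutive ephemeral source ports, one fresh connection every few seconds. The Python below is an added example, not code from the Joe Sandbox report or its tooling: it takes eight rows copied from that table (constructed sample input, written as pipe-delimited fields in the report's column order), identifies the C2 tuple, counts hits per SID, lists the source-port walk and estimates the reconnect cadence. The `" | "` delimiter, the `is_periodic` jitter threshold and the use of SID 2814856 as a once-per-connection marker (in the sample every 2814856 hit sits on a new source port) are assumptions of the example.

```python
"""Reconnect-cadence analysis over Snort alert rows from a sandbox report.

Added example, not part of the Joe Sandbox report. The " | " row delimiter,
the periodicity threshold and treating SID 2814856 as a once-per-connection
marker are assumptions made for this example.
"""
import statistics
from collections import Counter
from datetime import datetime
from typing import Dict, List, NamedTuple


class Alert(NamedTuple):
    ts: datetime
    proto: str
    sid: int
    msg: str
    sport: int
    dport: int
    src: str
    dst: str


# Constructed sample input: eight rows copied from the report's alert table,
# in Joe Sandbox's column order (timestamp, protocol, SID, message, source
# port, dest port, source IP, dest IP), deliberately not in time order.
SAMPLE_ALERTS = """\
02/17/24-20:52:18.307570 | TCP | 2814860 | ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) | 49716 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:52:04.259395 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49707 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:52:11.034301 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49708 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:52:17.604122 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49716 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:52:24.696429 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49717 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:52:31.906944 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49718 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:52:38.776331 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49719 | 10652 | 192.168.2.5 | 147.185.221.17
02/17/24-20:52:45.642655 | TCP | 2814856 | ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) | 49720 | 10652 | 192.168.2.5 | 147.185.221.17
"""

TS_FORMAT = "%m/%d/%y-%H:%M:%S.%f"  # timestamp style used in the alert table
NJRAT_CALLBACK_SID = 2814856         # assumed: fires once per new C2 connection


def parse_alerts(text: str) -> List[Alert]:
    """Parse delimited rows into Alert records; malformed rows are skipped."""
    alerts: List[Alert] = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(" | ")]
        if len(fields) != 8:
            continue
        ts, proto, sid, msg, sport, dport, src, dst = fields
        try:
            alerts.append(Alert(datetime.strptime(ts, TS_FORMAT), proto, int(sid),
                                msg, int(sport), int(dport), src, dst))
        except ValueError:
            continue  # unparsable timestamp or port: skip the row, keep going
    return alerts


def c2_endpoints(alerts: List[Alert]) -> Counter:
    """Alert count per (dest IP, dest port); the C2 is the dominant tuple."""
    return Counter((a.dst, a.dport) for a in alerts)


def sid_counts(alerts: List[Alert]) -> Dict[int, int]:
    """How many times each signature fired."""
    return dict(Counter(a.sid for a in alerts))


def hits_for(alerts: List[Alert], sid: int) -> List[Alert]:
    """Alerts of one SID in time order (the report table itself is unordered)."""
    return sorted((a for a in alerts if a.sid == sid), key=lambda a: a.ts)


def source_port_walk(alerts: List[Alert], sid: int) -> List[int]:
    """Source ports in time order: each reconnect uses a fresh ephemeral port."""
    return [a.sport for a in hits_for(alerts, sid)]


def reconnect_intervals(alerts: List[Alert], sid: int) -> List[float]:
    """Seconds between consecutive hits of one SID, i.e. the reconnect cadence."""
    hits = hits_for(alerts, sid)
    return [(b.ts - a.ts).total_seconds() for a, b in zip(hits, hits[1:])]


def is_periodic(intervals: List[float], max_jitter_ratio: float = 0.25,
                min_samples: int = 5) -> bool:
    """Assumed heuristic: periodic when there are enough samples and every
    interval lies within max_jitter_ratio of the median interval."""
    if len(intervals) < min_samples:
        return False
    med = statistics.median(intervals)
    return med > 0 and max(abs(i - med) for i in intervals) / med <= max_jitter_ratio


def summarize(text: str) -> dict:
    """C2 tuple, per-SID counts, port walk and cadence verdict for a row set."""
    alerts = parse_alerts(text)
    if not alerts:
        return {}
    (dst, dport), _ = c2_endpoints(alerts).most_common(1)[0]
    intervals = reconnect_intervals(alerts, NJRAT_CALLBACK_SID)
    return {
        "c2": f"{dst}:{dport}",
        "alerts": len(alerts),
        "sids": sid_counts(alerts),
        "source_ports": source_port_walk(alerts, NJRAT_CALLBACK_SID),
        "median_interval_s": round(statistics.median(intervals), 2) if intervals else None,
        "periodic": is_periodic(intervals),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_ALERTS).items():
        print(f"{key}: {value}")
```

On the eight sample rows the 2814856 series gives six intervals between about 6.6 and 7.2 seconds, so `is_periodic` returns true. Fed the whole table, the same series yields 39 intervals that drift from roughly 7.2 s down to 4.7 s over four minutes; that drift is wider than the default jitter ratio, so a rolling window or a looser threshold is needed if a slowly changing cadence should still count as periodic.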
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 17, 2024 20:51:55.878257036 CET | 49705 | 443 | 192.168.2.5 | 172.67.160.84
Feb 17, 2024 20:51:55.878339052 CET | 443 | 49705 | 172.67.160.84 | 192.168.2.5
Feb 17, 2024 20:51:55.878438950 CET | 49705 | 443 | 192.168.2.5 | 172.67.160.84
Feb 17, 2024 20:51:55.897950888 CET | 49705 | 443 | 192.168.2.5 | 172.67.160.84
Feb 17, 2024 20:51:55.898025990 CET | 443 | 49705 | 172.67.160.84 | 192.168.2.5
Feb 17, 2024 20:51:56.094944954 CET | 443 | 49705 | 172.67.160.84 | 192.168.2.5
Feb 17, 2024 20:51:56.095143080 CET | 49705 | 443 | 192.168.2.5 | 172.67.160.84
Feb 17, 2024 20:51:56.098550081 CET | 49705 | 443 | 192.168.2.5 | 172.67.160.84
Feb 17, 2024 20:51:56.098573923 CET | 443 | 49705 | 172.67.160.84 | 192.168.2.5
Feb 17, 2024 20:51:56.099051952 CET | 443 | 49705 | 172.67.160.84 | 192.168.2.5
Feb 17, 2024 20:51:56.150794029 CET | 49705 | 443 | 192.168.2.5 | 172.67.160.84
Feb 17, 2024 20:51:56.190608978 CET | 49705 | 443 | 192.168.2.5 | 172.67.160.84
Feb 17, 2024 20:51:56.237909079 CET | 443 | 49705 | 172.67.160.84 | 192.168.2.5
Feb 17, 2024 20:51:56.307822943 CET | 443 | 49705 | 172.67.160.84 | 192.168.2.5
Feb 17, 2024 20:51:56.307902098 CET | 443 | 49705 | 172.67.160.84 | 192.168.2.5
Feb 17, 2024 20:51:56.308073997 CET | 49705 | 443 | 192.168.2.5 | 172.67.160.84
Feb 17, 2024 20:51:56.311899900 CET | 49705 | 443 | 192.168.2.5 | 172.67.160.84
Feb 17, 2024 20:51:56.407522917 CET | 49706 | 443 | 192.168.2.5 | 172.67.209.71
Feb 17, 2024 20:51:56.407557011 CET | 443 | 49706 | 172.67.209.71 | 192.168.2.5
Feb 17, 2024 20:51:56.407629013 CET | 49706 | 443 | 192.168.2.5 | 172.67.209.71
Feb 17, 2024 20:51:56.407999039 CET | 49706 | 443 | 192.168.2.5 | 172.67.209.71
Feb 17, 2024 20:51:56.408008099 CET | 443 | 49706 | 172.67.209.71 | 192.168.2.5
Feb 17, 2024 20:51:56.604279041 CET | 443 | 49706 | 172.67.209.71 | 192.168.2.5
Feb 17, 2024 20:51:56.604355097 CET | 49706 | 443 | 192.168.2.5 | 172.67.209.71
Feb 17, 2024 20:51:56.607356071 CET | 49706 | 443 | 192.168.2.5 | 172.67.209.71
Feb 17, 2024 20:51:56.607367992 CET | 443 | 49706 | 172.67.209.71 | 192.168.2.5
Feb 17, 2024 20:51:56.607893944 CET | 443 | 49706 | 172.67.209.71 | 192.168.2.5
Feb 17, 2024 20:51:56.608773947 CET | 49706 | 443 | 192.168.2.5 | 172.67.209.71
Feb 17, 2024 20:51:56.649982929 CET | 443 | 49706 | 172.67.209.71 | 192.168.2.5
Feb 17, 2024 20:51:56.864753962 CET | 443 | 49706 | 172.67.209.71 | 192.168.2.5
Feb 17, 2024 20:51:56.864814997 CET | 443 | 49706 | 172.67.209.71 | 192.168.2.5
Feb 17, 2024 20:51:56.864850044 CET | 443 | 49706 | 172.67.209.71 | 192.168.2.5
Feb 17, 2024 20:51:56.864883900 CET | 49706 | 443 | 192.168.2.5 | 172.67.209.71
Feb 17, 2024 20:51:56.864907980 CET | 443 | 49706 | 172.67.209.71 | 192.168.2.5
Feb 17, 2024 20:51:56.865081072 CET | 443 | 49706 | 172.67.209.71 | 192.168.2.5
Feb 17, 2024 20:51:56.865147114 CET | 49706 | 443 | 192.168.2.5 | 172.67.209.71
Feb 17, 2024 20:51:56.877444029 CET | 49706 | 443 | 192.168.2.5 | 172.67.209.71
Feb 17, 2024 20:52:03.803324938 CET | 49707 | 10652 | 192.168.2.5 | 147.185.221.17
Feb 17, 2024 20:52:03.958065033 CET | 10652 | 49707 | 147.185.221.17 | 192.168.2.5
Feb 17, 2024 20:52:03.958420038 CET | 49707 | 10652 | 192.168.2.5 | 147.185.221.17
Feb 17, 2024 20:52:04.094268084 CET | 49707 | 10652 | 192.168.2.5 | 147.185.221.17
Feb 17, 2024 20:52:04.259139061 CET | 10652 | 49707 | 147.185.221.17 | 192.168.2.5
Feb 17, 2024 20:52:04.259394884 CET | 49707 | 10652 | 192.168.2.5 | 147.185.221.17
Feb 17, 2024 20:52:04.464905977 CET | 10652 | 49707 | 147.185.221.17 | 192.168.2.5
Feb 17, 2024 20:52:04.525959015 CET | 49707 | 10652 | 192.168.2.5 | 147.185.221.17
Feb 17, 2024 20:52:04.730724096 CET | 10652 | 49707 | 147.185.221.17 | 192.168.2.5
Feb 17, 2024 20:52:08.484978914 CET | 10652 | 49707 | 147.185.221.17 | 192.168.2.5
Feb 17, 2024 20:52:08.485060930 CET | 49707 | 10652 | 192.168.2.5 | 147.185.221.17
Feb 17, 2024 20:52:10.550303936 CET | 49707 | 10652 | 192.168.2.5 | 147.185.221.17
                                                                                              Feb 17, 2024 20:52:10.552369118 CET4970810652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:10.706362963 CET1065249708147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:10.706542015 CET4970810652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:10.711575031 CET4970810652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:10.755590916 CET1065249707147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:11.033710003 CET1065249708147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:11.034301043 CET4970810652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:11.135143995 CET4970810652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:11.244354963 CET1065249708147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:11.344330072 CET1065249708147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:15.133358955 CET1065249708147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:15.133440018 CET4970810652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:17.135401964 CET4970810652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:17.137360096 CET4971610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:17.292742014 CET1065249716147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:17.292848110 CET4971610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:17.298203945 CET4971610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:17.347229958 CET1065249708147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:17.603837013 CET1065249716147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:17.604121923 CET4971610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:17.728914976 CET4971610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:17.821630955 CET1065249716147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:17.937527895 CET1065249716147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:18.307569981 CET4971610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:18.564666033 CET1065249716147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:22.222095966 CET1065249716147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:22.222210884 CET4971610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:24.229010105 CET4971610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:24.231877089 CET4971710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:24.385591030 CET1065249717147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:24.385720968 CET4971710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:24.391980886 CET4971710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:24.439565897 CET1065249716147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:24.696041107 CET1065249717147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:24.696429014 CET4971710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:24.822500944 CET4971710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:24.900566101 CET1065249717147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:25.026242018 CET1065249717147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:27.778337955 CET4971710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:28.027070045 CET1065249717147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:29.419018030 CET1065249717147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:29.419226885 CET4971710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:31.431946993 CET4971710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:31.433222055 CET4971810652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:31.590214014 CET1065249718147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:31.590375900 CET4971810652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:31.595838070 CET4971810652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:31.639693975 CET1065249717147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:31.906858921 CET1065249718147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:31.906944036 CET4971810652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:32.041363955 CET4971810652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:32.111907005 CET1065249718147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:32.246042967 CET1065249718147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:35.919368982 CET4971810652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:36.175137043 CET1065249718147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:36.306291103 CET1065249718147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:36.306529999 CET4971810652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:38.306991100 CET4971810652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:38.309026003 CET4971910652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:38.464798927 CET1065249719147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:38.465003014 CET4971910652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:38.473071098 CET4971910652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:38.514771938 CET1065249718147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:38.776253939 CET1065249719147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:38.776330948 CET4971910652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:38.900559902 CET4971910652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:38.980006933 CET1065249719147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:39.106863022 CET1065249719147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:42.770190001 CET1065249719147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:42.770328045 CET4971910652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:45.175056934 CET4971910652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:45.176831007 CET4972010652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:45.331502914 CET1065249720147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:45.331768990 CET4972010652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:45.336723089 CET4972010652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:45.381556988 CET1065249719147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:45.642438889 CET1065249720147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:45.642654896 CET4972010652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:45.775716066 CET4972010652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:45.848845005 CET1065249720147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:45.979687929 CET1065249720147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:49.072738886 CET4972010652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:49.322222948 CET1065249720147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:49.632672071 CET1065249720147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:49.632872105 CET4972010652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:51.635169029 CET4972010652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:51.637377024 CET4972210652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:51.790968895 CET1065249722147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:51.791493893 CET4972210652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:51.799554110 CET4972210652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:51.842276096 CET1065249720147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:52.098084927 CET1065249722147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:52.098391056 CET4972210652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:52.228662968 CET4972210652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:52.306399107 CET1065249722147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:52.428129911 CET1065249722147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:53.150929928 CET4972210652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:53.405549049 CET1065249722147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:56.140037060 CET1065249722147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:56.140158892 CET4972210652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:58.150844097 CET4972210652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:58.152579069 CET4972310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:58.307080030 CET1065249723147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:58.307310104 CET4972310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:58.312088013 CET4972310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:58.354350090 CET1065249722147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:58.615484953 CET1065249723147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:58.615680933 CET4972310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:58.744502068 CET4972310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:52:58.817080975 CET1065249723147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:52:58.950555086 CET1065249723147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:02.863755941 CET1065249723147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:02.863998890 CET4972310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:04.869501114 CET4972310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:04.871757984 CET4972410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:05.028450012 CET1065249724147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:05.028675079 CET4972410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:05.034795046 CET4972410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:05.071413994 CET1065249723147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:05.382291079 CET1065249724147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:05.382586002 CET4972410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:05.478848934 CET4972410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:05.586395025 CET1065249724147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:05.682415009 CET1065249724147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:06.775908947 CET4972410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:07.031120062 CET1065249724147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:07.119718075 CET4972410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:07.376863003 CET1065249724147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:08.432328939 CET4972410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:08.688009024 CET1065249724147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:08.688256025 CET4972410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:08.939321041 CET1065249724147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:09.235022068 CET4972410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:09.363004923 CET1065249724147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:09.363168955 CET4972410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:09.447302103 CET1065249724147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:11.371463060 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:11.525527954 CET1065249725147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:11.525625944 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:11.528069973 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:11.846514940 CET1065249725147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:11.846735001 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:11.963012934 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:12.054819107 CET1065249725147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:12.168240070 CET1065249725147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:12.431763887 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:12.633151054 CET1065249725147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:12.633295059 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:12.889139891 CET1065249725147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:12.889461994 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:13.133672953 CET1065249725147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:13.133816004 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:13.378859043 CET1065249725147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:13.378957987 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:13.629370928 CET1065249725147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:13.629473925 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:13.886955976 CET1065249725147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:13.887079000 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:14.133286953 CET1065249725147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:14.133506060 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:14.381263018 CET1065249725147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:14.381445885 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:14.637864113 CET1065249725147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:14.638062000 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:14.884608030 CET1065249725147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:14.884705067 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:15.142636061 CET1065249725147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:15.142765045 CET4972510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:52.359778881 CET1065249733147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:52.446846962 CET4973310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:52.690597057 CET1065249733147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:52.690798998 CET4973310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:52.936820984 CET1065249733147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:52.937005997 CET4973310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:53.182303905 CET1065249733147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:53.182434082 CET4973310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:53.425636053 CET1065249733147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:53.425743103 CET4973310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:53.678710938 CET1065249733147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:53.678839922 CET4973310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:53.934927940 CET1065249733147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:53.935033083 CET4973310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:54.178977966 CET1065249733147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:54.179130077 CET4973310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:54.425112963 CET1065249733147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:54.425220013 CET4973310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:54.667834044 CET1065249733147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:54.667931080 CET4973310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:54.912087917 CET1065249733147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:54.912197113 CET4973310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:55.063247919 CET1065249733147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:55.063340902 CET4973310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:55.113395929 CET1065249733147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:56.934315920 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:57.090223074 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:57.090354919 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:57.092449903 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:57.407167912 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:57.407277107 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:57.541013002 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:57.612673998 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:57.750600100 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:57.751174927 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:58.002902985 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:58.003031969 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:58.264429092 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:58.267118931 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:58.520806074 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:58.520939112 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:58.780488968 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:58.780586958 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:59.027359962 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:59.027539968 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:59.286580086 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:59.286698103 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:59.533082008 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:59.533262014 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:53:59.778009892 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:53:59.778106928 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:00.023200035 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:00.023360968 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:00.269414902 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:00.269561052 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:00.512630939 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:00.512749910 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:00.775290012 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:00.775393009 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:01.020736933 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:01.020843029 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:01.281042099 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:01.281164885 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:01.409395933 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:01.409652948 CET4973410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:01.486774921 CET1065249734147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:03.168478012 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:03.322765112 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:03.323004007 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:03.325082064 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:03.646836042 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:03.647201061 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:03.850836039 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:03.853599072 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:04.058958054 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:04.059453964 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:04.312968016 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:04.313221931 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:04.559066057 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:04.559294939 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:04.809282064 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:04.809541941 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:05.071363926 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:05.071671009 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:05.329044104 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:05.329366922 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:05.577105045 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:05.577486038 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:05.837254047 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:05.837564945 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:06.102005005 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:06.102227926 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:06.357547998 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:06.357748985 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:06.605218887 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:06.605573893 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:06.864809036 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:06.865025997 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:07.128036022 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:07.128345013 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:07.385421991 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:07.385644913 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:07.631247997 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:07.631530046 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:07.667356968 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:07.667583942 CET4973510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:07.837599039 CET1065249735147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:09.799361944 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:09.954457998 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:09.954583883 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:09.959177971 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:10.263155937 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:10.263467073 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:10.431711912 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:10.469335079 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:10.637326956 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:10.637553930 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:10.897377014 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:10.897624969 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:11.145818949 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:11.145982981 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:11.398588896 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:11.398910046 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:11.651949883 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:11.652156115 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:11.914170980 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:11.914385080 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:12.169682980 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:12.170016050 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:12.415558100 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:12.415788889 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:12.675576925 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:12.675697088 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:12.919301033 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:12.919469118 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:13.167635918 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:13.168032885 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:13.426126957 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:13.426248074 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:13.673417091 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:13.673672915 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:13.919697046 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:13.919953108 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:14.174283028 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:14.174403906 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:14.247682095 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:14.247793913 CET4973610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:14.381680965 CET1065249736147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:15.777966976 CET4973710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:15.937953949 CET1065249737147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:15.938126087 CET4973710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:15.940295935 CET4973710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:16.249342918 CET1065249737147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:16.249447107 CET4973710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:16.458317041 CET1065249737147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:16.462945938 CET4973710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:16.672349930 CET1065249737147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:16.672574997 CET4973710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:16.930090904 CET1065249737147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:16.930193901 CET4973710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:17.191700935 CET1065249737147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:17.191937923 CET4973710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:17.452157974 CET1065249737147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:17.452316046 CET4973710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:17.709988117 CET1065249737147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:17.710103035 CET4973710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:17.973198891 CET1065249737147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:17.973412991 CET4973710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:52.500504017 CET1065249743147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:52.500650883 CET4974310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:52.762500048 CET1065249743147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:52.762742996 CET4974310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:53.016710043 CET1065249743147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:53.016964912 CET4974310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:53.272751093 CET1065249743147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:53.273025990 CET4974310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:53.538069963 CET1065249743147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:53.538346052 CET4974310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:53.800544977 CET1065249743147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:53.800774097 CET4974310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:54.064259052 CET1065249743147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:54.064462900 CET4974310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:54.318550110 CET1065249743147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:54.318825960 CET4974310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:54.581645012 CET1065249743147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:54.581871986 CET4974310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:54.842593908 CET1065249743147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:54.842999935 CET4974310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:55.103080988 CET1065249743147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:55.103405952 CET4974310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:55.366446018 CET1065249743147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:55.366636992 CET4974310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:55.622953892 CET1065249743147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:55.623151064 CET4974310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:55.860969067 CET1065249743147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:55.861167908 CET4974310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:56.068669081 CET1065249743147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:56.808321953 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:56.962316990 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:56.962647915 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:56.964927912 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:57.269109964 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:57.269541979 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:57.462852955 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:57.482960939 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:57.675111055 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:57.675345898 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:57.931303978 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:57.931476116 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:58.193464994 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:58.193619967 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:58.451390982 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:58.451756954 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:58.712585926 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:58.712851048 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:58.973531008 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:58.973740101 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:59.232923031 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:59.233094931 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:59.493102074 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:59.493196011 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:54:59.753454924 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:54:59.753566027 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:00.021027088 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:00.021151066 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:00.275572062 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:00.275702000 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:00.535229921 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:00.535342932 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:00.798095942 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:00.798202991 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:01.056024075 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:01.056135893 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:01.316298008 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:01.316396952 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:01.353219986 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:01.353349924 CET4974410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:01.526483059 CET1065249744147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:02.230214119 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:02.384249926 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:02.384382010 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:02.386884928 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:02.706034899 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:02.706341982 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:02.911626101 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:02.931466103 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:03.135231972 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:03.135329962 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:03.381526947 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:03.381690979 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:03.623171091 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:03.623271942 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:03.869399071 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:03.869524956 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:04.111351013 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:04.111676931 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:04.359992027 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:04.360102892 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:04.604033947 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:04.604124069 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:04.848995924 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:04.849448919 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:05.096199036 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:05.096288919 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:05.351567030 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:05.351999998 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:05.610109091 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:05.610246897 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:05.858594894 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:05.858931065 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:06.102865934 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:06.103038073 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:06.354091883 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:06.354196072 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:06.615479946 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:06.615566015 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:06.743663073 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:06.743743896 CET4974510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:06.814441919 CET1065249745147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:07.574206114 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:07.729490042 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:07.729701996 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:07.732975006 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:08.024343967 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:08.024602890 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:08.165976048 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:08.230407000 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:08.370404005 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:08.370620966 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:08.616516113 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:08.616853952 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:08.863234997 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:08.863493919 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:09.110193014 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:09.110502958 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:09.354547977 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:09.354942083 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:09.600610018 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:09.600860119 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:09.864080906 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:09.864284992 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:10.128406048 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:10.128658056 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:10.383981943 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:10.384290934 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:10.643629074 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:10.643883944 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:10.890033960 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:10.890259981 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:11.148963928 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:11.149210930 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:11.408803940 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:11.408999920 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:11.654833078 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:11.655086994 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:11.913583040 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:11.913957119 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:12.019004107 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:12.019269943 CET4974610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:12.122087955 CET1065249746147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:12.793101072 CET4974710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:12.946794987 CET1065249747147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:12.947025061 CET4974710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:12.949378014 CET4974710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:13.249932051 CET1065249747147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:13.250020981 CET4974710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:13.431451082 CET4974710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:13.452867985 CET1065249747147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:13.635077000 CET1065249747147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:14.038759947 CET4974710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:14.038759947 CET4974710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:14.040894032 CET4974710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:14.244647026 CET1065249747147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:14.244699955 CET1065249747147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:14.248429060 CET1065249747147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:14.248568058 CET4974710652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:44.464926004 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:44.467327118 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:44.789803982 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:44.790000916 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:44.962666035 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:45.001802921 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:45.172564030 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:45.172779083 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:45.433520079 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:45.433808088 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:45.693511963 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:45.693924904 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:45.955898046 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:45.956129074 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:46.216240883 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:46.216535091 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:46.478065968 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:46.478321075 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:46.734956980 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:46.735207081 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:46.996505022 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:46.996763945 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:47.258415937 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:47.258610010 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:47.516705990 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:47.516809940 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:47.775058031 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:47.775281906 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:48.040671110 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:48.040848017 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:48.300259113 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:48.300389051 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:48.561943054 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:48.562191963 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:48.795455933 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:48.795742989 CET4975310652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:49.008965969 CET1065249753147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:49.277065039 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:49.431119919 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:49.431387901 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:49.433585882 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:49.734360933 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:49.734616041 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:49.931488037 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:49.937719107 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:49.937850952 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:50.134100914 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:50.142821074 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:50.142944098 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:50.396076918 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:50.396187067 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:50.641063929 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:50.641371965 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:50.903675079 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:50.903858900 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:51.163733959 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:51.163989067 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:51.421971083 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:51.422116041 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:51.667335987 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:51.667538881 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:51.916229963 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:51.916523933 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:52.172229052 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:52.172333956 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:52.422382116 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:52.422517061 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:52.678999901 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:52.679270029 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:52.925060034 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:52.925185919 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:53.174257994 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:53.174379110 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:53.433924913 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:53.434195042 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:53.691036940 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:53.691251040 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:53.775907993 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:53.776133060 CET4975410652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:53.896945000 CET1065249754147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:54.229800940 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:54.383810043 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:54.383951902 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:54.388467073 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:54.690383911 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:54.690481901 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:54.853216887 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:54.896589041 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:54.896703959 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:55.058526993 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:55.104425907 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:55.104512930 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:55.366537094 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:55.366648912 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:55.624155998 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:55.624233961 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:55.885986090 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:55.886204004 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:56.143315077 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:56.143420935 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:56.387343884 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:56.387490034 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:56.638863087 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:56.638971090 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:56.898714066 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:56.899172068 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:57.158324003 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:57.158386946 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:57.420257092 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:57.420855045 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:57.678471088 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:57.678534985 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:57.924283981 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:57.924357891 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:58.175760984 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:58.175823927 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:58.433090925 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:58.433163881 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:58.692789078 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:58.692905903 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:58.697133064 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:58.697211027 CET4975510652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:58.902854919 CET1065249755147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:59.120836020 CET4975610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:59.276612997 CET1065249756147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:59.276745081 CET4975610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:59.278876066 CET4975610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:59.597484112 CET1065249756147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:59.597579956 CET4975610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:55:59.807595015 CET1065249756147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:55:59.868881941 CET4975610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:56:00.076385975 CET1065249756147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:56:00.076648951 CET4975610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:56:00.286796093 CET1065249756147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:56:00.286904097 CET4975610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:56:00.547760010 CET1065249756147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:56:00.547873974 CET4975610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:56:00.808145046 CET1065249756147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:56:00.808273077 CET4975610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:56:01.071790934 CET1065249756147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:56:01.071896076 CET4975610652192.168.2.5147.185.221.17
                                                                                              Feb 17, 2024 20:56:01.327915907 CET1065249756147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:56:03.598290920 CET1065249756147.185.221.17192.168.2.5
                                                                                              Feb 17, 2024 20:56:03.598654032 CET4975610652192.168.2.5147.185.221.17
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 17, 2024 20:51:55.758121014 CET | 63618 | 53 | 192.168.2.5 | 1.1.1.1
Feb 17, 2024 20:51:55.869880915 CET | 53 | 63618 | 1.1.1.1 | 192.168.2.5
Feb 17, 2024 20:51:56.315579891 CET | 58619 | 53 | 192.168.2.5 | 1.1.1.1
Feb 17, 2024 20:51:56.406672955 CET | 53 | 58619 | 1.1.1.1 | 192.168.2.5
Feb 17, 2024 20:52:03.638398886 CET | 60057 | 53 | 192.168.2.5 | 1.1.1.1
Feb 17, 2024 20:52:03.799185038 CET | 53 | 60057 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 17, 2024 20:51:55.758121014 CET | 192.168.2.5 | 1.1.1.1 | 0x21c5 | Standard query (0) | freegeoip.app | A (IP address) | IN (0x0001) | false
Feb 17, 2024 20:51:56.315579891 CET | 192.168.2.5 | 1.1.1.1 | 0xeb21 | Standard query (0) | ipbase.com | A (IP address) | IN (0x0001) | false
Feb 17, 2024 20:52:03.638398886 CET | 192.168.2.5 | 1.1.1.1 | 0xc68b | Standard query (0) | mary-cottage.gl.at.ply.gg | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 17, 2024 20:51:55.869880915 CET | 1.1.1.1 | 192.168.2.5 | 0x21c5 | No error (0) | freegeoip.app | | 172.67.160.84 | A (IP address) | IN (0x0001) | false
Feb 17, 2024 20:51:55.869880915 CET | 1.1.1.1 | 192.168.2.5 | 0x21c5 | No error (0) | freegeoip.app | | 104.21.73.97 | A (IP address) | IN (0x0001) | false
Feb 17, 2024 20:51:56.406672955 CET | 1.1.1.1 | 192.168.2.5 | 0xeb21 | No error (0) | ipbase.com | | 172.67.209.71 | A (IP address) | IN (0x0001) | false
Feb 17, 2024 20:51:56.406672955 CET | 1.1.1.1 | 192.168.2.5 | 0xeb21 | No error (0) | ipbase.com | | 104.21.85.189 | A (IP address) | IN (0x0001) | false
Feb 17, 2024 20:52:03.799185038 CET | 1.1.1.1 | 192.168.2.5 | 0xc68b | No error (0) | mary-cottage.gl.at.ply.gg | | 147.185.221.17 | A (IP address) | IN (0x0001) | false
• freegeoip.app
• ipbase.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 172.67.160.84 | 443 | 4292 | C:\Users\user\AppData\Local\Temp\1.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-17 19:51:56 UTC | 67 | OUT | GET /xml/ HTTP/1.1
Host: freegeoip.app
Connection: Keep-Alive
2024-02-17 19:51:56 UTC | 629 | IN | HTTP/1.1 301 Moved Permanently
Date: Sat, 17 Feb 2024 19:51:56 GMT
Transfer-Encoding: chunked
Connection: close
Cache-Control: max-age=3600
Expires: Sat, 17 Feb 2024 20:51:56 GMT
Location: https://ipbase.com/xml/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AxnlunZTZPsnBDILR0cT3pRPIYvbelj5%2Fq4LlTVt3Oj5TiXmNg1VX6sSQMnbDw3pB%2Fzj96ISNU5trA6Lj6geCf%2FJm9z9%2FP%2BO%2Fmhj21ITPSbbySBcbH4D%2FyTg2MMu6Lv5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 857091608e380f65-EWR
alt-svc: h3=":443"; ma=86400
2024-02-17 19:51:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49706 | 172.67.209.71 | 443 | 4292 | C:\Users\user\AppData\Local\Temp\1.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-17 19:51:56 UTC | 64 | OUT | GET /xml/ HTTP/1.1
                                                                                              Host: ipbase.com
                                                                                              Connection: Keep-Alive
2024-02-17 19:51:56 UTC | 734 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Sat, 17 Feb 2024 19:51:56 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Age: 0
                                                                                              Cache-Control: public,max-age=0,must-revalidate
                                                                                              Cache-Status: "Netlify Edge"; fwd=miss
                                                                                              Vary: Accept-Encoding
                                                                                              X-Nf-Request-Id: 01HPWA06KE7Q6YWZ13ESJ0RXWW
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nD%2FqN1usfuEjBpDyOMSgN0VjHHfat69gi1bbbPZrxArTy18PlvgkxYxYVNGKMPS9u%2FFiW4PZ3gXb3pLHaWjXqWWHDG4l2XDcRqYMbFkSMd2HRJoucncjOX0WYU2b"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 85709163cd9543e2-EWR
                                                                                              alt-svc: h3=":443"; ma=86400
2024-02-17 19:51:56 UTC | 635 | IN | Data Raw: 63 30 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0a 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d
                                                                                              Data Ascii: c0a<!DOCTYPE html><html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"> <title>Page Not Found</title> <link href='https://fonts.googleapis.com
2024-02-17 19:51:56 UTC | 1369 | IN | Data Raw: 20 30 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 32 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 6d 61 69 6e 20 7b 0a 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30
                                                                                              Data Ascii: 0; } h1 { margin: 0; font-size: 22px; line-height: 24px; } .main { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; height: 10
2024-02-17 19:51:56 UTC | 1085 | IN | Data Raw: 20 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 30 30 37 30 36 37 22 20 64 3d 22 4d 31 31 2e 39 39 39 38 38 33 36 2c 34 2e 30 39 33 37 30 38 30 33 20 4c 38 2e 35 35 38 30 39 35 31 37 2c 37 2e 34 33 32 39 34 39 35 33 20 43 38 2e 32 33 35 33 31 34 35 39 2c 37 2e 37 34 36 31 31 32 39 38 20 38 2e 32 33 35 33 31 34 35 39 2c 38 2e 32 35 33 38 38 37 33 36 20 38 2e 35 35 38 30 39 35 31 37 2c 38 2e 35 36 36 39 33 37 36 39 20 4c 31 32 2c 31 31 2e 39 30 36 32 39 32 31 20 4c 39 2e 38 34 31 38 37 38 37 31 2c 31 34 20 4c 34 2e 32 34 32 30 38 35 34 34 2c 38 2e 35 36 36 39 33 37 35 31 20 43 33 2e 39 31 39 33 30 34 38 35 2c 38 2e 32 35 33 38 38 37 31 39 20 33 2e 39 31 39 33 30 34 38 35 2c 37 2e 37 34 36 31 31 32 38 31 20 34 2e 32 34 32 30 38 35 34 34 2c 37 2e 34 33 32 39 34 39
                                                                                              Data Ascii: <path fill="#007067" d="M11.9998836,4.09370803 L8.55809517,7.43294953 C8.23531459,7.74611298 8.23531459,8.25388736 8.55809517,8.56693769 L12,11.9062921 L9.84187871,14 L4.24208544,8.56693751 C3.91930485,8.25388719 3.91930485,7.74611281 4.24208544,7.432949
2024-02-17 19:51:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                              Data Ascii: 0
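
The two sessions above are the country lookup behind the report's "Tries to detect the country of the analysis system (by using the IP)" signature: the plain-HTTP request is answered with a 301 to https://ipbase.com/xml/, and the HTTPS request from 1.exe (PID 4292) then receives a 404, so no geolocation data came back from that URL. The report flattens each transfer into one line that fuses timestamp, byte count, direction and the first data line. The following Python is an added example, not code from Joe Sandbox or from the sample: it parses that flattened layout, pairs each request with the response chunks that follow it, and flags requests to a watchlist of geolocation services. The watchlist entries other than ipbase.com and the trimmed sample session are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Assumed watchlist of public IP-geolocation services that stealers query
# to learn the victim's country. Only ipbase.com appears in this report;
# the other hosts are illustrative.
GEOIP_HOSTS = {"ipbase.com", "ip-api.com", "ipinfo.io", "api.ipify.org"}

# Constructed input: the session as printed in the flattened report,
# trimmed to the lines that matter (hex "Data Raw" chunks shortened).
SAMPLE_SESSION = """\
TimestampBytes transferredDirectionData
2024-02-17 19:51:56 UTC64OUTGET /xml/ HTTP/1.1
Host: ipbase.com
Connection: Keep-Alive
2024-02-17 19:51:56 UTC734INHTTP/1.1 404 Not Found
Date: Sat, 17 Feb 2024 19:51:56 GMT
Content-Type: text/html; charset=utf-8
Server: cloudflare
2024-02-17 19:51:56 UTC635INData Raw: 63 30 61 0d 0a 3c 21 44 4f 43
2024-02-17 19:51:56 UTC5INData Raw: 30 0d 0a 0d 0a
"""

# A transfer line fuses timestamp, byte count, direction and the first data
# line, e.g. "2024-02-17 19:51:56 UTC64OUTGET /xml/ HTTP/1.1". The literal
# IN/OUT token right after the digits makes the split unambiguous.
CHUNK_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d UTC)(\d+)(IN|OUT)(.*)$")
STATUS_RE = re.compile(r"^HTTP/\d\.\d (\d{3})")
REQUEST_RE = re.compile(r"^([A-Z]+) (\S+) HTTP/\d\.\d$")


@dataclass
class Chunk:
    timestamp: str
    nbytes: int
    direction: str                      # OUT = client to server, IN = server to client
    lines: list = field(default_factory=list)


def parse_chunks(text):
    """Split flattened session text into transfer chunks with their header lines."""
    chunks = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CHUNK_RE.match(line)
        if m:
            chunks.append(Chunk(m.group(1), int(m.group(2)), m.group(3), [m.group(4)]))
        elif chunks and line:
            chunks[-1].lines.append(line)   # continuation (header) line of the chunk
    return chunks


def headers_of(chunk):
    """Header lines after the start line, as a lowercase-keyed dict."""
    out = {}
    for ln in chunk.lines[1:]:
        if ":" in ln:
            k, v = ln.split(":", 1)
            out[k.strip().lower()] = v.strip()
    return out


def reconstruct_exchanges(chunks):
    """Pair each outbound request with the inbound chunks that answer it."""
    exchanges, pending = [], None
    for c in chunks:
        first = c.lines[0]
        if c.direction == "OUT" and REQUEST_RE.match(first):
            method, path, _ = first.split(" ", 2)
            pending = {"method": method, "path": path,
                       "host": headers_of(c).get("host", ""),
                       "status": None, "location": None, "response_bytes": 0}
            exchanges.append(pending)
        elif c.direction == "IN" and pending is not None:
            m = STATUS_RE.match(first)
            if m and pending["status"] is None:
                pending["status"] = int(m.group(1))
                pending["location"] = headers_of(c).get("location")
            pending["response_bytes"] += c.nbytes   # body chunks count as well
    return exchanges


def flag_geoip_lookups(exchanges):
    """One finding per request sent to a known IP-geolocation service."""
    findings = []
    for ex in exchanges:
        if ex["host"].lower() in GEOIP_HOSTS:
            findings.append({
                "host": ex["host"], "path": ex["path"], "status": ex["status"],
                "redirected_to": ex["location"], "response_bytes": ex["response_bytes"],
                # Only a 200 means the sample actually obtained geodata here
                "geodata_returned": ex["status"] == 200,
            })
    return findings


def analyze(text):
    return flag_geoip_lookups(reconstruct_exchanges(parse_chunks(text)))


if __name__ == "__main__":
    for finding in analyze(SAMPLE_SESSION):
        print(finding)
```

Run on the trimmed session this reports one finding for ipbase.com /xml/ with status 404 and geodata_returned False. The example deliberately parses only the timestamped transfer lines: the flattened session row ("1192.168.2.549706172.67.209.714434292...") has no delimiter between the IP octets, ports and PID, so it cannot be split reliably by pattern and is better read from the rendered table.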


                                                                                              Target ID:0
                                                                                              Start time:20:51:52
                                                                                              Start date:17/02/2024
                                                                                              Path:C:\Users\user\Desktop\qdHMT36Tn9.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Users\user\Desktop\qdHMT36Tn9.exe
                                                                                              Imagebase:0x560000
                                                                                              File size:471'910 bytes
                                                                                              MD5 hash:3E5BA25AA4F23CEB11BE209D1967E341
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: njrat1, Description: Identify njRat, Source: 00000000.00000003.2011201227.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, Author: Brian Wallace @botnet_hunter
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_RagsStealer, Description: Yara detected Rags Stealer, Source: 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_44CaliberStealer, Description: Yara detected 44Caliber Stealer, Source: 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 00000000.00000003.2011201227.0000000005813000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:2
                                                                                              Start time:20:51:53
                                                                                              Start date:17/02/2024
                                                                                              Path:C:\Users\user\AppData\Local\Temp\1.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\1.exe"
                                                                                              Imagebase:0x1f2cb290000
                                                                                              File size:546'816 bytes
                                                                                              MD5 hash:0CE3051B867D50AA172D1B332F156E3E
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_RagsStealer, Description: Yara detected Rags Stealer, Source: 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_44CaliberStealer, Description: Yara detected 44Caliber Stealer, Source: 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 00000002.00000000.2015718646.000001F2CB292000.00000002.00000001.01000000.00000009.sdmp, Author: ditekSHen
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2051820157.000001F2CD109000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_RagsStealer, Description: Yara detected Rags Stealer, Source: 00000002.00000002.2051820157.000001F2CD109000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 00000002.00000002.2051820157.000001F2CD1D3000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\1.exe, Author: Joe Security
                                                                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\1.exe, Author: Joe Security
                                                                                              • Rule: JoeSecurity_RagsStealer, Description: Yara detected Rags Stealer, Source: C:\Users\user\AppData\Local\Temp\1.exe, Author: Joe Security
                                                                                              • Rule: JoeSecurity_44CaliberStealer, Description: Yara detected 44Caliber Stealer, Source: C:\Users\user\AppData\Local\Temp\1.exe, Author: Joe Security
                                                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: C:\Users\user\AppData\Local\Temp\1.exe, Author: ditekSHen
• Rule: INDICATOR_SUSPICIOUS_EXE_References_VPN, Description: Detects executables referencing many VPN software clients. Observed in infostealers, Source: C:\Users\user\AppData\Local\Temp\1.exe, Author: ditekSHen
                                                                                              • Rule: MALWARE_Win_A310Logger, Description: Detects A310Logger, Source: C:\Users\user\AppData\Local\Temp\1.exe, Author: ditekSHen
                                                                                              Antivirus matches:
                                                                                              • Detection: 100%, Avira
                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                              • Detection: 76%, ReversingLabs
                                                                                              • Detection: 72%, Virustotal, Browse
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:3
                                                                                              Start time:20:51:53
                                                                                              Start date:17/02/2024
                                                                                              Path:C:\Users\user\AppData\Local\Temp\3.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\3.exe"
                                                                                              Imagebase:0x5c0000
                                                                                              File size:37'888 bytes
                                                                                              MD5 hash:6D11195AF6CCA04EB53ECCF9AAF329DC
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp, Author: unknown
                                                                                              • Rule: njrat1, Description: Identify njRat, Source: 00000003.00000000.2017971668.00000000005C2000.00000002.00000001.01000000.0000000B.sdmp, Author: Brian Wallace @botnet_hunter
                                                                                              • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000003.00000002.4480531198.0000000002D61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Local\Temp\3.exe, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\3.exe, Author: unknown
                                                                                              • Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Local\Temp\3.exe, Author: Brian Wallace @botnet_hunter
                                                                                              • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Local\Temp\3.exe, Author: ditekSHen
                                                                                              Antivirus matches:
                                                                                              • Detection: 100%, Avira
                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                              • Detection: 100%, ReversingLabs
                                                                                              • Detection: 89%, Virustotal, Browse
                                                                                              Reputation:low
                                                                                              Has exited:false

                                                                                              Target ID:4
                                                                                              Start time:20:52:00
                                                                                              Start date:17/02/2024
                                                                                              Path:C:\Windows\SysWOW64\netsh.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\3.exe" "3.exe" ENABLE
                                                                                              Imagebase:0x1080000
                                                                                              File size:82'432 bytes
                                                                                              MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:5
                                                                                              Start time:20:52:00
                                                                                              Start date:17/02/2024
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff6d64d0000
                                                                                              File size:862'208 bytes
                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:7
                                                                                              Start time:20:52:11
                                                                                              Start date:17/02/2024
                                                                                              Path:C:\Users\user\AppData\Local\Temp\3.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\3.exe" ..
                                                                                              Imagebase:0x6c0000
                                                                                              File size:37'888 bytes
                                                                                              MD5 hash:6D11195AF6CCA04EB53ECCF9AAF329DC
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:8
                                                                                              Start time:20:52:20
                                                                                              Start date:17/02/2024
                                                                                              Path:C:\Users\user\AppData\Local\Temp\3.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\3.exe" ..
                                                                                              Imagebase:0xba0000
                                                                                              File size:37'888 bytes
                                                                                              MD5 hash:6D11195AF6CCA04EB53ECCF9AAF329DC
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:9
                                                                                              Start time:20:52:29
                                                                                              Start date:17/02/2024
                                                                                              Path:C:\Users\user\AppData\Local\Temp\3.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\3.exe" ..
                                                                                              Imagebase:0xd80000
                                                                                              File size:37'888 bytes
                                                                                              MD5 hash:6D11195AF6CCA04EB53ECCF9AAF329DC
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:low
                                                                                              Has exited:true
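
The process records above show the njRAT firewall exception end to end: Target 4 runs `netsh firewall add allowedprogram` for 3.exe in %TEMP% with elevated privileges, 3.exe (Target 3) is still running when the analysis ends (Has exited:false), and Targets 7 to 9 are further launches of the same binary (identical MD5) without elevation. The legacy `netsh firewall` context has long been deprecated in favour of `netsh advfirewall firewall`, but it still creates the exception on current Windows versions, so the command line is a usable detection on its own. The following Python is an added example, not part of the report or of the sample: it parses the "Target ID" records into dictionaries and applies three checks (a firewall exception granted to a binary in a user-writable directory, a user-writable binary still running, and every process that executed a binary holding such an exception). The user-writable path pattern and the two netsh forms it recognises are assumptions; the three sample records are constructed from the report.

```python
import re

# Constructed input: three of the "Target ID" records from the report above,
# in the flattened "Key:Value" form the page uses.
SAMPLE_PROCESSES = r"""
Target ID:3
Start time:20:51:53
Path:C:\Users\user\AppData\Local\Temp\3.exe
Commandline:"C:\Users\user\AppData\Local\Temp\3.exe"
MD5 hash:6D11195AF6CCA04EB53ECCF9AAF329DC
Has elevated privileges:true
Has exited:false

Target ID:4
Start time:20:52:00
Path:C:\Windows\SysWOW64\netsh.exe
Commandline:netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\3.exe" "3.exe" ENABLE
MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:true
Has exited:true

Target ID:7
Start time:20:52:11
Path:C:\Users\user\AppData\Local\Temp\3.exe
Commandline:"C:\Users\user\AppData\Local\Temp\3.exe" ..
MD5 hash:6D11195AF6CCA04EB53ECCF9AAF329DC
Has elevated privileges:false
Has exited:true
"""

# Assumed set of directories a standard user can write to; extend per estate.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(?:appdata|desktop|downloads)\\|\\programdata\\|\\windows\\temp\\",
    re.I)

# Legacy "netsh firewall add allowedprogram <path>" (as in the report) and the
# current "netsh advfirewall firewall add rule ... program=<path>" form;
# group 1 is the program granted the exception.
NETSH_ALLOW = re.compile(
    r'netsh\s+(?:firewall\s+add\s+allowedprogram|advfirewall\s+firewall\s+add\s+rule)'
    r'.*?"?([A-Za-z]:\\[^"]+\.exe)', re.I)


def parse_records(text):
    """Split the flattened report into one dict per 'Target ID' record."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key, sep, value = line.partition(":")   # first colon only: values contain colons
        if not sep:
            continue
        if key == "Target ID":
            cur = {}
            records.append(cur)
        if cur is not None:
            cur[key] = value
    return records


def firewall_exception_target(cmdline):
    """Program path a netsh command grants a firewall exception to, or None."""
    m = NETSH_ALLOW.search(cmdline)
    return m.group(1) if m else None


def detect(records):
    """Apply the three checks and return one finding dict per hit."""
    findings = []
    excepted = {}                      # lowercase program path -> netsh Target ID
    for r in records:
        tid, path, cmd = r.get("Target ID"), r.get("Path", ""), r.get("Commandline", "")
        prog = firewall_exception_target(cmd)
        if prog and USER_WRITABLE.search(prog):
            excepted[prog.lower()] = tid
            findings.append({"rule": "firewall_exception_for_user_writable_binary",
                             "target": tid, "program": prog,
                             "elevated": r.get("Has elevated privileges") == "true"})
        if USER_WRITABLE.search(path) and r.get("Has exited") == "false":
            findings.append({"rule": "user_writable_binary_still_running",
                             "target": tid, "program": path})
    # Correlation: every process that ran a binary holding a firewall exception
    for r in records:
        path = r.get("Path", "")
        if path.lower() in excepted:
            findings.append({"rule": "process_of_firewall_excepted_binary",
                             "target": r["Target ID"], "program": path,
                             "netsh_target": excepted[path.lower()]})
    return findings


if __name__ == "__main__":
    for finding in detect(parse_records(SAMPLE_PROCESSES)):
        print(finding)
```

On the three constructed records this yields the netsh finding for Target 4 (elevated), the still-running finding for Target 3, and the correlation hits for Targets 3 and 7; on the full report the correlation would also list Targets 8 and 9. The same checks transfer to process-creation telemetry (Sysmon Event ID 1 or Security 4688) where the command line and image path are available in the same record.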


                                                                                                Execution Graph

                                                                                                Execution Coverage:10%
                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                Signature Coverage:13%
                                                                                                Total number of Nodes:1713
                                                                                                Total number of Limit Nodes:41
[Execution graph rendering not recoverable as text. API calls visible among the graph nodes: SetFilePointer, GetLastError, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, SetWindowTextW, SetFileAttributesW, GetFileAttributesW, DeleteFileW, MoveFileW, MoveFileExW, GetCurrentDirectoryW, FindClose, SendMessageW, GetDlgItem, GetDlgItemTextW, SetDlgItemTextW, EndDialog, ShellExecuteExW, ShowWindow, CloseHandle, GetExitCodeProcess; CRT symbols referenced: _wcslen, _wcsrchr, _swprintf, _abort, __ehhandler, ?ConvertBSTRToString@_com_util@@YGPADPAG@Z. The node listing is truncated in the source.]
57d6df 24944->24947 24948 57d6bc ExpandEnvironmentStringsW 24944->24948 24945 5810f9 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24946 57d6fc 24945->24946 24946->24888 24947->24945 24948->24947 24949->24888 24950->24902 24951->24888 24952->24888 24953->24888 24955 58bb34 24954->24955 24956 58bb4c 24955->24956 24957 58bb41 24955->24957 24959 58bb54 24956->24959 24965 58bb5d __dosmaperr 24956->24965 24997 58bc8e 24957->24997 24960 58bafa _free 20 API calls 24959->24960 24963 58bb49 24960->24963 24961 58bb62 25004 58bc7b 20 API calls __dosmaperr 24961->25004 24962 58bb87 HeapReAlloc 24962->24963 24962->24965 24963->24888 24965->24961 24965->24962 25005 58a2ec 7 API calls 2 library calls 24965->25005 24967->24896 24968->24910 24970 56136f 24969->24970 24971 5613c8 24969->24971 24972 5613d5 24970->24972 24980 570244 62 API calls 3 library calls 24970->24980 24981 57021d GetWindowLongW SetWindowLongW 24971->24981 24972->24913 24972->24914 24972->24915 24975 561391 24975->24972 24976 5613a4 GetDlgItem 24975->24976 24976->24972 24977 5613b4 24976->24977 24977->24972 24978 5613ba SetWindowTextW 24977->24978 24978->24972 24979->24921 24980->24975 24981->24972 24987 56bcdd 24982->24987 24985 56d563 8 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 24985->24931 24986->24938 24988 581590 24987->24988 24989 56bcea GetFileAttributesW 24988->24989 24990 56bd07 24989->24990 24991 56bd2c 24989->24991 24992 56da1e 6 API calls 24990->24992 24993 5810f9 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24991->24993 24994 56bd19 24992->24994 24995 56bcd4 24993->24995 24994->24991 24996 56bd1d GetFileAttributesW 24994->24996 24995->24929 24995->24985 24996->24991 24998 58bccc 24997->24998 25002 58bc9c __dosmaperr 24997->25002 25007 58bc7b 20 API calls __dosmaperr 24998->25007 24999 58bcb7 RtlAllocateHeap 25001 58bcca 24999->25001 24999->25002 25001->24963 25002->24998 25002->24999 25006 58a2ec 7 API calls 2 library calls 
25002->25006 25004->24963 25005->24965 25006->25002 25007->25001 25046 58d240 25048 58d24b 25046->25048 25047 58d55a 11 API calls 25047->25048 25048->25047 25049 58d274 25048->25049 25050 58d270 25048->25050 25052 58d2a0 DeleteCriticalSection 25049->25052 25052->25050 26329 58239f 9 API calls 2 library calls 25055 580a46 25056 5809f4 25055->25056 25058 580d3a 25056->25058 25084 580a98 25058->25084 25060 580d4a 25061 580da7 25060->25061 25065 580dcb 25060->25065 25062 580cd8 DloadReleaseSectionWriteAccess 6 API calls 25061->25062 25063 580db2 RaiseException 25062->25063 25079 580fa0 25063->25079 25064 580e43 LoadLibraryExA 25066 580ea4 25064->25066 25067 580e56 GetLastError 25064->25067 25065->25064 25065->25066 25068 580f72 25065->25068 25070 580eb6 25065->25070 25069 580eaf FreeLibrary 25066->25069 25066->25070 25071 580e7f 25067->25071 25078 580e69 25067->25078 25093 580cd8 25068->25093 25069->25070 25070->25068 25072 580f14 GetProcAddress 25070->25072 25073 580cd8 DloadReleaseSectionWriteAccess 6 API calls 25071->25073 25072->25068 25074 580f24 GetLastError 25072->25074 25075 580e8a RaiseException 25073->25075 25076 580f37 25074->25076 25075->25079 25076->25068 25080 580cd8 DloadReleaseSectionWriteAccess 6 API calls 25076->25080 25078->25066 25078->25071 25079->25056 25081 580f58 RaiseException 25080->25081 25082 580a98 ___delayLoadHelper2@8 6 API calls 25081->25082 25083 580f6f 25082->25083 25083->25068 25085 580aca 25084->25085 25086 580aa4 25084->25086 25085->25060 25101 580b41 25086->25101 25088 580aa9 25089 580ac5 25088->25089 25104 580c6a 25088->25104 25109 580acb GetModuleHandleW GetProcAddress GetProcAddress 25089->25109 25092 580d13 25092->25060 25094 580cea 25093->25094 25095 580d0c 25093->25095 25096 580b41 DloadReleaseSectionWriteAccess 3 API calls 25094->25096 25095->25079 25097 580cef 25096->25097 25098 580d07 25097->25098 25099 580c6a DloadProtectSection 3 API calls 25097->25099 25112 580d0e GetModuleHandleW GetProcAddress GetProcAddress 
DloadReleaseSectionWriteAccess 25098->25112 25099->25098 25110 580acb GetModuleHandleW GetProcAddress GetProcAddress 25101->25110 25103 580b46 25103->25088 25106 580c7f DloadProtectSection 25104->25106 25105 580c85 25105->25089 25106->25105 25107 580cba VirtualProtect 25106->25107 25111 580b80 VirtualQuery GetSystemInfo 25106->25111 25107->25105 25109->25092 25110->25103 25111->25107 25112->25095 26332 561075 44 API calls 25116 58067c 14 API calls ___delayLoadHelper2@8 26333 588870 QueryPerformanceFrequency QueryPerformanceCounter 26403 593665 21 API calls 2 library calls 26404 582610 RaiseException std::_Xinvalid_argument _com_error::_com_error 26340 58d808 27 API calls 2 library calls 26341 57c000 28 API calls 26342 561025 29 API calls 26343 564c20 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 26409 562620 97 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 26410 58ca20 21 API calls 2 library calls 26412 5782d0 137 API calls __InternalCxxFrameHandler 25009 57f6d8 25023 57ea83 _wcslen _wcsrchr 25009->25023 25010 57d5dd 6 API calls 25010->25023 25011 57f717 25012 5810f9 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25011->25012 25013 57f732 25012->25013 25014 57ed57 SetWindowTextW 25014->25023 25016 56dd18 5 API calls 25016->25023 25018 5866ae 22 API calls 25018->25023 25020 57eb4b SetFileAttributesW 25022 57ec05 GetFileAttributesW 25020->25022 25037 57eb65 _abort _wcslen 25020->25037 25022->25023 25025 57ec17 DeleteFileW 25022->25025 25023->25010 25023->25011 25023->25014 25023->25016 25023->25018 25023->25020 25026 57d41c 100 API calls 25023->25026 25029 57f73c 25023->25029 25034 57ef75 SendMessageW 25023->25034 25038 57c5dd GetCurrentDirectoryW 25023->25038 25040 56c3de 11 API calls 25023->25040 25041 56c367 FindClose 25023->25041 25042 57d76e 76 API calls 3 library calls 25023->25042 25025->25023 25027 57ec28 25025->25027 25028 57ef35 GetDlgItem 
SetWindowTextW SendMessageW 25026->25028 25032 564c00 _swprintf 51 API calls 25027->25032 25028->25023 25043 5813f9 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent 25029->25043 25031 57f741 25033 57ec48 GetFileAttributesW 25032->25033 25033->25027 25035 57ec5d MoveFileW 25033->25035 25034->25023 25035->25023 25036 57ec75 MoveFileExW 25035->25036 25036->25023 25037->25022 25037->25023 25039 56d8ac 51 API calls 2 library calls 25037->25039 25038->25023 25039->25037 25040->25023 25041->25023 25042->25023 25043->25031 26349 57d8c0 98 API calls 26416 58caf0 71 API calls _free 26417 592ef0 IsProcessorFeaturePresent 26350 581cf3 20 API calls 26351 5624e0 26 API calls std::bad_exception::bad_exception 25127 57dae0 25128 57daf2 25127->25128 25129 561366 66 API calls 25128->25129 25130 57db45 25129->25130 25131 57e250 25130->25131 25132 57db5c 25130->25132 25212 57db76 25130->25212 25382 57f9ee 25131->25382 25135 57dbd0 25132->25135 25136 57db6d 25132->25136 25132->25212 25134 5810f9 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25138 57e555 25134->25138 25143 57dc63 GetDlgItemTextW 25135->25143 25147 57dbe6 25135->25147 25139 57db71 25136->25139 25140 57dbad 25136->25140 25148 570597 53 API calls 25139->25148 25139->25212 25149 57dc94 KiUserCallbackDispatcher 25140->25149 25140->25212 25141 57e26b SendMessageW 25142 57e279 25141->25142 25145 57e293 GetDlgItem SendMessageW 25142->25145 25146 57e282 SendDlgItemMessageW 25142->25146 25143->25140 25144 57dca0 25143->25144 25151 57dcb5 GetDlgItem 25144->25151 25300 57dca9 25144->25300 25401 57c5dd GetCurrentDirectoryW 25145->25401 25146->25145 25152 570597 53 API calls 25147->25152 25154 57db90 25148->25154 25149->25212 25156 57dcec SetFocus 25151->25156 25157 57dcc9 SendMessageW SendMessageW 25151->25157 25153 57dc03 SetDlgItemTextW 25152->25153 25158 57dc0e 25153->25158 25423 561273 6 API calls 
__ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25154->25423 25155 57e2c3 GetDlgItem 25161 57e2e6 SetWindowTextW 25155->25161 25162 57e2e0 25155->25162 25159 57dcfc 25156->25159 25173 57dd08 25156->25173 25157->25156 25167 57dc1b GetMessageW 25158->25167 25158->25212 25164 570597 53 API calls 25159->25164 25402 57cb49 GetClassNameW 25161->25402 25162->25161 25168 57dd06 25164->25168 25165 57e196 25169 570597 53 API calls 25165->25169 25172 57dc32 IsDialogMessageW 25167->25172 25167->25212 25302 57f7fc 25168->25302 25170 57e1a6 SetDlgItemTextW 25169->25170 25175 57e1ba 25170->25175 25172->25158 25177 57dc41 TranslateMessage DispatchMessageW 25172->25177 25179 570597 53 API calls 25173->25179 25174 57e531 SetDlgItemTextW 25174->25212 25182 570597 53 API calls 25175->25182 25177->25158 25184 57dd3f 25179->25184 25181 57dd77 25186 57dd96 25181->25186 25190 56bccb 8 API calls 25181->25190 25222 57e1dd _wcslen 25182->25222 25183 57e331 25188 57e361 25183->25188 25192 570597 53 API calls 25183->25192 25189 564c00 _swprintf 51 API calls 25184->25189 25314 56baf1 25186->25314 25187 57ea07 121 API calls 25187->25183 25193 57ea07 121 API calls 25188->25193 25242 57e419 25188->25242 25189->25168 25195 57dd8c 25190->25195 25197 57e344 SetDlgItemTextW 25192->25197 25198 57e37c 25193->25198 25194 57e4c0 25200 57e4d2 25194->25200 25201 57e4c9 EnableWindow 25194->25201 25195->25186 25199 57dd90 25195->25199 25205 570597 53 API calls 25197->25205 25213 57e38e 25198->25213 25241 57e3b3 25198->25241 25425 57cebf 9 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25199->25425 25208 57e4ef 25200->25208 25434 561323 GetDlgItem EnableWindow 25200->25434 25201->25200 25202 57e22e 25206 570597 53 API calls 25202->25206 25203 57ddba 25325 57cbb6 SetCurrentDirectoryW 25203->25325 25204 57ddaf GetLastError 25204->25203 25209 57e358 SetDlgItemTextW 25205->25209 25206->25212 25216 57e516 25208->25216 25223 57e50e SendMessageW 25208->25223 25209->25188 25211 57ddce 25217 
57ddd7 GetLastError 25211->25217 25218 57dde5 25211->25218 25212->25134 25432 57be55 31 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25213->25432 25214 57e40c 25219 57ea07 121 API calls 25214->25219 25216->25212 25226 570597 53 API calls 25216->25226 25217->25218 25224 57de5c 25218->25224 25230 57de6b 25218->25230 25232 57ddf5 GetTickCount 25218->25232 25219->25242 25221 57e4e5 25435 561323 GetDlgItem EnableWindow 25221->25435 25222->25202 25228 570597 53 API calls 25222->25228 25223->25216 25229 57e097 25224->25229 25224->25230 25225 57e3a7 25225->25241 25233 57db97 25226->25233 25234 57e211 25228->25234 25336 561341 GetDlgItem ShowWindow 25229->25336 25236 57e03c 25230->25236 25238 57de84 GetModuleFileNameW 25230->25238 25239 57e032 25230->25239 25231 57e4a1 25433 57be55 31 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25231->25433 25240 564c00 _swprintf 51 API calls 25232->25240 25233->25174 25233->25212 25243 564c00 _swprintf 51 API calls 25234->25243 25246 570597 53 API calls 25236->25246 25426 5712bc 82 API calls 25238->25426 25239->25140 25239->25236 25249 57de12 25240->25249 25241->25214 25247 57ea07 121 API calls 25241->25247 25242->25194 25242->25231 25250 570597 53 API calls 25242->25250 25243->25202 25244 57e4bd 25244->25194 25253 57e046 25246->25253 25254 57e3e1 25247->25254 25248 57e0a7 25337 561341 GetDlgItem ShowWindow 25248->25337 25326 56b01e 25249->25326 25250->25242 25252 57deac 25255 564c00 _swprintf 51 API calls 25252->25255 25256 564c00 _swprintf 51 API calls 25253->25256 25254->25214 25257 57e3ea DialogBoxParamW 25254->25257 25260 57dece CreateFileMappingW 25255->25260 25262 57e064 25256->25262 25257->25140 25257->25214 25258 57e0b1 25259 570597 53 API calls 25258->25259 25265 57e0bb SetDlgItemTextW 25259->25265 25263 57df2c GetCommandLineW 25260->25263 25264 57dfa3 __InternalCxxFrameHandler 25260->25264 25273 570597 53 API calls 25262->25273 25269 57df3d 25263->25269 25267 57dfae ShellExecuteExW 
25264->25267 25338 561341 GetDlgItem ShowWindow 25265->25338 25283 57dfc9 25267->25283 25427 57d705 SHGetMalloc 25269->25427 25270 57de3f GetLastError 25271 57de4a 25270->25271 25275 56af2f 80 API calls 25271->25275 25279 57e07e 25273->25279 25274 57e0cd SetDlgItemTextW GetDlgItem 25276 57e102 25274->25276 25277 57e0ea GetWindowLongW SetWindowLongW 25274->25277 25275->25224 25339 57ea07 25276->25339 25277->25276 25278 57df59 25428 57d705 SHGetMalloc 25278->25428 25282 57df65 25429 57d705 SHGetMalloc 25282->25429 25294 57e00c 25283->25294 25295 57dff8 Sleep 25283->25295 25286 57ea07 121 API calls 25287 57e11e 25286->25287 25370 57fdf7 25287->25370 25288 57df71 25430 57136b 82 API calls 25288->25430 25290 57e022 UnmapViewOfFile CloseHandle 25290->25239 25293 57df82 MapViewOfFile 25293->25264 25294->25239 25294->25290 25295->25283 25295->25294 25300->25140 25300->25165 25436 57d864 PeekMessageW 25302->25436 25305 57f836 25309 57f841 ShowWindow SendMessageW SendMessageW 25305->25309 25306 57f86e SendMessageW SendMessageW 25307 57f8ae 25306->25307 25308 57f8cd SendMessageW SendMessageW SendMessageW 25306->25308 25307->25308 25310 57f924 SendMessageW 25308->25310 25311 57f901 SendMessageW 25308->25311 25309->25306 25312 5810f9 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25310->25312 25311->25310 25313 57dd62 25312->25313 25313->25181 25424 57ff24 5 API calls 2 library calls 25313->25424 25319 56bafb 25314->25319 25315 5810f9 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25316 56bbf0 25315->25316 25316->25203 25316->25204 25317 56bba8 25318 56bee1 13 API calls 25317->25318 25321 56bbd0 25317->25321 25318->25321 25319->25317 25320 56bbf9 25319->25320 25319->25321 25441 56bee1 25319->25441 25456 5813f9 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent 25320->25456 25321->25315 25324 56bbfe 25325->25211 25327 56b028 25326->25327 25328 56b096 CreateFileW 25327->25328 
25329 56b08d 25327->25329 25328->25329 25330 56b0dd 25329->25330 25331 56da1e 6 API calls 25329->25331 25334 5810f9 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25330->25334 25332 56b0c2 25331->25332 25332->25330 25333 56b0c6 CreateFileW 25332->25333 25333->25330 25335 56b111 25334->25335 25335->25270 25335->25271 25336->25248 25337->25258 25338->25274 25340 57ea19 25339->25340 25341 57f717 25340->25341 25342 57d5dd 6 API calls 25340->25342 25343 5810f9 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25341->25343 25350 57ea7c _wcslen _wcsrchr 25342->25350 25344 57e110 25343->25344 25344->25286 25345 57d5dd 6 API calls 25345->25350 25346 57ed57 SetWindowTextW 25346->25350 25348 56dd18 5 API calls 25348->25350 25350->25341 25350->25345 25350->25346 25350->25348 25351 5866ae 22 API calls 25350->25351 25353 57eb4b SetFileAttributesW 25350->25353 25358 57d41c 100 API calls 25350->25358 25361 57f73c 25350->25361 25366 57ef75 SendMessageW 25350->25366 25467 57c5dd GetCurrentDirectoryW 25350->25467 25469 56c3de 11 API calls 25350->25469 25470 56c367 FindClose 25350->25470 25471 57d76e 76 API calls 3 library calls 25350->25471 25351->25350 25355 57ec05 GetFileAttributesW 25353->25355 25369 57eb65 _abort _wcslen 25353->25369 25355->25350 25357 57ec17 DeleteFileW 25355->25357 25357->25350 25359 57ec28 25357->25359 25360 57ef35 GetDlgItem SetWindowTextW SendMessageW 25358->25360 25364 564c00 _swprintf 51 API calls 25359->25364 25360->25350 25472 5813f9 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent 25361->25472 25363 57f741 25365 57ec48 GetFileAttributesW 25364->25365 25365->25359 25367 57ec5d MoveFileW 25365->25367 25366->25350 25367->25350 25368 57ec75 MoveFileExW 25367->25368 25368->25350 25369->25350 25369->25355 25468 56d8ac 51 API calls 2 library calls 25369->25468 25371 57fe13 25370->25371 25473 5726df 25371->25473 25373 57fe59 25477 568ddf 25373->25477 25375 
57feb7 25487 568ff5 25375->25487 25383 57f9f8 25382->25383 25384 57c556 4 API calls 25383->25384 25385 57fa13 25384->25385 25386 57fa1b GetWindow 25385->25386 25389 57fae1 25385->25389 25386->25389 25394 57fa34 25386->25394 25387 5810f9 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25388 57e256 25387->25388 25388->25141 25388->25142 25389->25387 25390 57fa41 GetClassNameW 25390->25394 25391 57fa65 GetWindowLongW 25392 57fac9 GetWindow 25391->25392 25393 57fa75 SendMessageW 25391->25393 25392->25389 25392->25394 25393->25392 25395 57fa8b GetObjectW 25393->25395 25394->25389 25394->25390 25394->25391 25394->25392 26034 57c595 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25395->26034 25397 57faa2 26035 57c574 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25397->26035 26036 57c79c 13 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25397->26036 25400 57fab3 SendMessageW DeleteObject 25400->25392 25401->25155 25403 57cb74 25402->25403 25404 57cb99 25402->25404 25403->25404 25407 57cb8b FindWindowExW 25403->25407 25405 5810f9 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25404->25405 25406 57cbb2 25405->25406 25408 57d243 25406->25408 25407->25404 25409 57d255 25408->25409 25410 56147c 43 API calls 25409->25410 25411 57d2af 25410->25411 26037 5620eb 25411->26037 25414 57d2c5 25416 5616b8 86 API calls 25414->25416 25415 57d2d1 26044 561b0e 25415->26044 25418 57d2cd 25416->25418 25419 5810f9 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25418->25419 25421 57d357 25419->25421 25420 5616b8 86 API calls 25420->25418 25421->25183 25421->25187 25422 57d2ed __InternalCxxFrameHandler ___std_exception_copy 25422->25420 25423->25233 25424->25181 25425->25186 25426->25252 25427->25278 25428->25282 25429->25288 25430->25293 25432->25225 25433->25244 25434->25221 25435->25208 25437 57d87f GetMessageW 25436->25437 25438 57d8b8 GetDlgItem 25436->25438 25439 57d895 IsDialogMessageW 25437->25439 25440 57d8a4 
TranslateMessage DispatchMessageW 25437->25440 25438->25305 25438->25306 25439->25438 25439->25440 25440->25438 25442 56beee 25441->25442 25443 56bf1c 25442->25443 25444 56bf0f CreateDirectoryW 25442->25444 25445 56bccb 8 API calls 25443->25445 25444->25443 25446 56bf4f 25444->25446 25447 56bf22 25445->25447 25448 56bf5e 25446->25448 25457 56c2e5 25446->25457 25449 56bf62 GetLastError 25447->25449 25451 56da1e 6 API calls 25447->25451 25452 5810f9 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25448->25452 25449->25448 25453 56bf38 25451->25453 25454 56bf85 25452->25454 25453->25449 25455 56bf3c CreateDirectoryW 25453->25455 25454->25319 25455->25446 25455->25449 25456->25324 25458 581590 25457->25458 25459 56c2f2 SetFileAttributesW 25458->25459 25460 56c314 25459->25460 25461 56c33f 25459->25461 25462 56da1e 6 API calls 25460->25462 25463 5810f9 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25461->25463 25464 56c326 25462->25464 25465 56c34d 25463->25465 25464->25461 25466 56c32a SetFileAttributesW 25464->25466 25465->25448 25466->25461 25467->25350 25468->25369 25469->25350 25470->25350 25471->25350 25472->25363 25474 5726ec _wcslen 25473->25474 25506 561925 25474->25506 25476 572704 25476->25373 25478 568deb __EH_prolog3 25477->25478 25519 56ee0f 25478->25519 25480 568e0e 25481 58121c 27 API calls 25480->25481 25482 568e52 _abort 25481->25482 25483 58121c 27 API calls 25482->25483 25484 568e7a 25483->25484 25525 576b0d 25484->25525 25486 568eac 25486->25375 25488 568fff 25487->25488 25489 569080 25488->25489 25555 56c37a 25488->25555 25492 5690e5 25489->25492 25532 5696b9 25489->25532 25491 569127 25494 5810f9 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25491->25494 25492->25491 25561 561407 74 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25492->25561 25495 56914e 25494->25495 25497 568ebb 25495->25497 26025 56ab26 8 API calls _abort 25497->26025 25499 568ee6 25501 568ef7 
Concurrency::cancel_current_task 25499->25501 26026 574396 25499->26026 25502 562179 26 API calls 25501->25502 25503 568f1e 25502->25503 26032 56eea4 86 API calls Concurrency::cancel_current_task 25503->26032 25507 561937 25506->25507 25513 56198f 25506->25513 25508 561960 25507->25508 25516 567bad 76 API calls 2 library calls 25507->25516 25510 5866ae 22 API calls 25508->25510 25512 561980 25510->25512 25511 561956 25517 567c32 75 API calls 25511->25517 25512->25513 25518 567c32 75 API calls 25512->25518 25513->25476 25516->25511 25517->25508 25518->25513 25520 56ee1b __EH_prolog3 25519->25520 25521 58121c 27 API calls 25520->25521 25523 56ee59 25521->25523 25522 58121c 27 API calls 25524 56ee7d 25522->25524 25523->25522 25524->25480 25526 576b19 __EH_prolog3 25525->25526 25527 58121c 27 API calls 25526->25527 25528 576b33 25527->25528 25530 576b4a 25528->25530 25531 572f22 80 API calls 25528->25531 25530->25486 25531->25530 25533 5696d4 25532->25533 25562 56147c 25533->25562 25535 5696fb 25536 56970c 25535->25536 25725 56b982 25535->25725 25542 569743 25536->25542 25572 561b63 25536->25572 25541 56973f 25541->25542 25591 5620a1 142 API calls __EH_prolog3 25541->25591 25717 5616b8 25542->25717 25546 5697e4 25592 56988e 81 API calls 25546->25592 25548 569842 25548->25542 25596 56441e 25548->25596 25608 569906 25548->25608 25549 5697fe 25549->25548 25593 573cf2 25549->25593 25550 56976b 25550->25546 25554 56c37a 12 API calls 25550->25554 25554->25550 25556 56c38f 25555->25556 25557 56c3bd 25556->25557 26012 56c4a8 25556->26012 25557->25488 25560 56c3a4 FindClose 25560->25557 25561->25491 25563 561488 __EH_prolog3 25562->25563 25564 56ee0f 27 API calls 25563->25564 25565 5614b7 25564->25565 25566 58121c 27 API calls 25565->25566 25569 56152b 25565->25569 25567 561518 25566->25567 25567->25569 25729 56668f 25567->25729 25737 56cc45 25569->25737 25571 5615b3 _abort 25571->25535 25573 561b6f __EH_prolog3 25572->25573 25585 561bbc 25573->25585 25588 561cef 25573->25588 
25775 56145d 25573->25775 25576 561d21 25778 561407 74 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25576->25778 25578 56441e 116 API calls 25581 561d6c 25578->25581 25579 561d2e 25579->25578 25579->25588 25580 561db4 25584 561de7 25580->25584 25580->25588 25779 561407 74 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25580->25779 25581->25580 25583 56441e 116 API calls 25581->25583 25583->25581 25584->25588 25590 56b8c0 79 API calls 25584->25590 25585->25576 25585->25579 25585->25588 25586 56441e 116 API calls 25587 561e38 25586->25587 25587->25586 25587->25588 25588->25541 25589 56b8c0 79 API calls 25589->25585 25590->25587 25591->25550 25592->25549 25793 58029f 25593->25793 25597 56442e 25596->25597 25598 56442a 25596->25598 25607 56b8c0 79 API calls 25597->25607 25598->25548 25599 564440 25600 56445b 25599->25600 25601 564469 25599->25601 25603 56449b 25600->25603 25803 563ab7 104 API calls 3 library calls 25600->25803 25804 562fcb 116 API calls 3 library calls 25601->25804 25603->25548 25605 564467 25605->25603 25805 5625f4 74 API calls 25605->25805 25607->25599 25609 569918 25608->25609 25613 56997a 25609->25613 25640 569da2 Concurrency::cancel_current_task 25609->25640 25852 57ab94 117 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25609->25852 25610 56a820 25614 56a825 25610->25614 25615 56a86c 25610->25615 25612 5810f9 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25616 56a862 25612->25616 25613->25610 25620 56999b 25613->25620 25613->25640 25614->25640 25894 568c06 166 API calls 25614->25894 25615->25640 25895 57ab94 117 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25615->25895 25616->25548 25620->25640 25806 566936 25620->25806 25621 569a71 25812 56d63a 25621->25812 25623 569bba 25627 569ce2 25623->25627 25623->25640 25855 569582 38 API calls 25623->25855 25625 569aa4 25625->25623 25853 56bf89 57 API calls 4 library calls 25625->25853 25631 56c37a 12 API 
calls 25627->25631 25634 569d40 25627->25634 25630 569c24 25854 589ea8 26 API calls 2 library calls 25630->25854 25631->25634 25633 56a0ac 25864 56f014 97 API calls 25633->25864 25816 568f84 25634->25816 25637 569dd1 25657 569e33 25637->25657 25856 564916 27 API calls 2 library calls 25637->25856 25640->25612 25641 56a0c3 25645 56a118 25641->25645 25660 56a0ce 25641->25660 25642 56a004 25642->25641 25646 56a033 25642->25646 25654 56a09b 25645->25654 25866 5693ac 119 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25645->25866 25648 56a174 25646->25648 25651 56bccb 8 API calls 25646->25651 25646->25654 25647 56a7d9 25652 56af2f 80 API calls 25647->25652 25648->25647 25672 56a1e2 25648->25672 25867 56b288 25648->25867 25649 56a116 25650 56af2f 80 API calls 25649->25650 25650->25640 25655 56a068 25651->25655 25652->25640 25654->25648 25654->25649 25655->25654 25863 56ac09 97 API calls 25655->25863 25656 569f71 25861 56240a 74 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25656->25861 25657->25640 25657->25656 25667 569f78 Concurrency::cancel_current_task 25657->25667 25857 568db7 41 API calls 25657->25857 25858 56f014 97 API calls 25657->25858 25859 56240a 74 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25657->25859 25860 56953f 98 API calls 25657->25860 25660->25649 25865 569155 123 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25660->25865 25663 56a231 25668 56c94d 27 API calls 25663->25668 25667->25642 25862 56bd61 50 API calls 3 library calls 25667->25862 25680 56a247 25668->25680 25670 56a1d0 25871 567e45 77 API calls 25670->25871 25822 56c94d 25672->25822 25673 56a31d 25674 56a511 25673->25674 25675 56a37c 25673->25675 25677 56a537 25674->25677 25678 56a523 25674->25678 25698 56a3b5 25674->25698 25676 56a43c 25675->25676 25679 56a394 25675->25679 25684 56d63a 5 API calls 25676->25684 25826 5753f0 25677->25826 25878 56ab81 25678->25878 25682 56a3db 25679->25682 25690 56a3a3 25679->25690 
25680->25673 25685 56a2f4 25680->25685 25695 56b1e6 79 API calls 25680->25695 25682->25698 25874 5688a9 112 API calls 25682->25874 25688 56a466 25684->25688 25685->25673 25872 56b427 82 API calls 25685->25872 25686 56a550 25838 575099 25686->25838 25875 569582 38 API calls 25688->25875 25873 56240a 74 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25690->25873 25693 56a502 25693->25548 25695->25685 25697 56a47e 25697->25698 25699 56a494 25697->25699 25700 56a4ab 25697->25700 25698->25693 25703 56a5c5 25698->25703 25889 56c905 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25698->25889 25876 5685fc 86 API calls 25699->25876 25877 56a8b9 103 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25700->25877 25706 56a656 25703->25706 25890 56240a 74 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25703->25890 25705 56a764 25705->25647 25708 56c2e5 8 API calls 25705->25708 25706->25647 25706->25705 25707 56a712 25706->25707 25891 56b949 SetEndOfFile 25706->25891 25847 56b7e2 25707->25847 25711 56a7bf 25708->25711 25711->25647 25892 56240a 74 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25711->25892 25712 56a759 25713 56afd0 77 API calls 25712->25713 25713->25705 25715 56a7cf 25893 567d49 76 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25715->25893 25718 5616ca 25717->25718 25720 5616dc Concurrency::cancel_current_task 25717->25720 25718->25720 26006 561729 25718->26006 25721 562179 26 API calls 25720->25721 25722 56170b 25721->25722 26009 56eea4 86 API calls Concurrency::cancel_current_task 25722->26009 25726 56b999 25725->25726 25727 56b9a3 25726->25727 26011 567c87 78 API calls 25726->26011 25727->25536 25730 56669b __EH_prolog3 25729->25730 25745 56d467 25730->25745 25732 5666a5 25748 5711a5 25732->25748 25734 5666fc 25752 5668b3 GetCurrentProcess GetProcessAffinityMask 25734->25752 25736 566719 25736->25569 25738 56cc65 _abort 25737->25738 25763 56cb21 

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 359 57ea07-57ea55 call 581590 362 57f717-57f739 call 5810f9 359->362 363 57ea5b-57ea81 call 57d5dd 359->363 368 57ea83 363->368 368->362 369 57ea89-57ea9d 368->369 370 57ea9e-57eab3 call 57d148 369->370 373 57eab5 370->373 374 57eab7-57eacc call 574168 373->374 377 57eace-57ead2 374->377 378 57ead9-57eadc 374->378 377->374 381 57ead4 377->381 379 57eae2 378->379 380 57f6ea-57f712 call 57d5dd 378->380 382 57ed4f-57ed51 379->382 383 57ecae-57ecb0 379->383 384 57ed6d-57ed6f 379->384 385 57eae9-57eaec 379->385 380->368 381->380 382->380 387 57ed57-57ed68 SetWindowTextW 382->387 383->380 389 57ecb6-57ecc2 383->389 384->380 388 57ed75-57ed7c 384->388 385->380 390 57eaf2-57eb46 call 57c5dd call 56dd18 call 56c351 call 56c48b call 567eed 385->390 387->380 388->380 392 57ed82-57ed9b 388->392 393 57ecd6-57ecdb 389->393 394 57ecc4-57ecd5 call 589f09 389->394 446 57ec85-57ec97 call 56c3de 390->446 396 57eda3-57edb1 call 586433 392->396 397 57ed9d 392->397 400 57ece5-57ecf0 call 57d76e 393->400 401 57ecdd-57ece3 393->401 394->393 396->380 414 57edb7-57edc0 396->414 397->396 405 57ecf5-57ecf7 400->405 401->405 407 57ed02-57ed22 call 586433 call 5866ae 405->407 408 57ecf9-57ed00 call 586433 405->408 434 57ed24-57ed2b 407->434 435 57ed3b-57ed3d 407->435 408->407 418 57edc2-57edc6 414->418 419 57ede9-57edec 414->419 422 57edf2-57edf5 418->422 424 57edc8-57edd0 418->424 421 57eee4-57eef2 call 57268b 419->421 419->422 438 57eef4-57ef08 call 584b4e 421->438 427 57edf7-57edfc 422->427 428 57ee02-57ee1d 422->428 424->380 430 57edd6-57ede4 call 57268b 424->430 427->421 427->428 447 57ee1f-57ee5a 428->447 448 57ee7a-57ee81 428->448 430->438 441 57ed32-57ed3a call 589f09 434->441 442 57ed2d-57ed2f 434->442 435->380 443 57ed43-57ed4a call 5866a9 435->443 458 57ef15-57ef66 call 57268b call 57d41c GetDlgItem SetWindowTextW SendMessageW call 588796 438->458 459 57ef0a-57ef0e 
438->459 441->435 442->441 443->380 462 57ec9d-57eca9 call 56c367 446->462 463 57eb4b-57eb5f SetFileAttributesW 446->463 481 57ee5c-57ee63 447->481 482 57ee6b 447->482 452 57ee83-57ee9b call 586433 448->452 453 57eeaf-57eed2 call 586433 * 2 448->453 452->453 471 57ee9d-57eeaa call 572663 452->471 453->438 486 57eed4-57eee2 call 572663 453->486 498 57ef6b-57ef6f 458->498 459->458 465 57ef10-57ef12 459->465 462->380 469 57ec05-57ec15 GetFileAttributesW 463->469 470 57eb65-57eb98 call 56d8ac call 56d52f call 586433 463->470 465->458 469->446 478 57ec17-57ec26 DeleteFileW 469->478 506 57ebab-57ebb9 call 56dcd9 470->506 507 57eb9a-57eba9 call 586433 470->507 471->453 478->446 484 57ec28-57ec2b 478->484 487 57f73c-57f741 call 5813f9 481->487 488 57ee69 481->488 489 57ee70-57ee72 482->489 492 57ec2f-57ec5b call 564c00 GetFileAttributesW 484->492 486->438 488->489 489->448 504 57ec2d-57ec2e 492->504 505 57ec5d-57ec73 MoveFileW 492->505 498->380 502 57ef75-57ef89 SendMessageW 498->502 502->380 504->492 505->446 508 57ec75-57ec7f MoveFileExW 505->508 506->462 513 57ebbf-57ebfe call 586433 call 582640 506->513 507->506 507->513 508->446 513->469
                                                                                                APIs
                                                                                                  • Part of subcall function 0057D5DD: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 0057D6C7
                                                                                                  • Part of subcall function 0057C5DD: GetCurrentDirectoryW.KERNEL32(?,?), ref: 0057C5E5
                                                                                                • SetFileAttributesW.KERNEL32(?,00000000,?,?,?,00000800,?,6033248F,?,00000000,00000001), ref: 0057EB53
                                                                                                • _wcslen.LIBCMT ref: 0057EB8D
                                                                                                • _wcslen.LIBCMT ref: 0057EBA1
                                                                                                • _wcslen.LIBCMT ref: 0057EBC6
                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 0057EC0C
                                                                                                • DeleteFileW.KERNEL32(?), ref: 0057EC1E
                                                                                                • _swprintf.LIBCMT ref: 0057EC43
                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 0057EC52
                                                                                                • MoveFileW.KERNEL32(?,?), ref: 0057EC6B
                                                                                                • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 0057EC7F
                                                                                                • _wcslen.LIBCMT ref: 0057ECFA
                                                                                                • _wcslen.LIBCMT ref: 0057ED03
                                                                                                • SetWindowTextW.USER32(?,?), ref: 0057ED62
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$_wcslen$Attributes$Move$CurrentDeleteDirectoryEnvironmentExpandStringsTextWindow_swprintf
                                                                                                • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                                • API String ID: 2983673336-312220925
                                                                                                • Opcode ID: 44f81ac2999e5889af0897e12dc57ec34e9ef10851a5a3b350e8ea4c5995326c
                                                                                                • Instruction ID: 1b6ddc61550539ab002e9c6400dd3e0b26a9b80a84828225b78b83e6978f07b3
                                                                                                • Opcode Fuzzy Hash: 44f81ac2999e5889af0897e12dc57ec34e9ef10851a5a3b350e8ea4c5995326c
                                                                                                • Instruction Fuzzy Hash: 94F153729002499ADB31EFA4EC89EEF3BBCFF59310F04452AE909D7150EB709A49DB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                  • Part of subcall function 0057290A: GetModuleHandleW.KERNEL32 ref: 00572937
                                                                                                  • Part of subcall function 0057290A: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00572949
                                                                                                  • Part of subcall function 0057290A: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00572973
                                                                                                  • Part of subcall function 0057C5DD: GetCurrentDirectoryW.KERNEL32(?,?), ref: 0057C5E5
                                                                                                  • Part of subcall function 0057CCD9: OleInitialize.OLE32(00000000), ref: 0057CCF2
                                                                                                  • Part of subcall function 0057CCD9: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0057CD29
                                                                                                  • Part of subcall function 0057CCD9: SHGetMalloc.SHELL32(005AC460), ref: 0057CD33
                                                                                                • GetCommandLineW.KERNEL32 ref: 005803C9
                                                                                                • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 005803F3
                                                                                                • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007402), ref: 00580404
                                                                                                • UnmapViewOfFile.KERNEL32(00000000), ref: 00580455
                                                                                                  • Part of subcall function 0057FFDD: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0057FFFE
                                                                                                  • Part of subcall function 0057FFDD: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00580038
                                                                                                  • Part of subcall function 00571421: _wcslen.LIBCMT ref: 00571445
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0058045C
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,005C2CC0,00000800), ref: 00580476
                                                                                                • SetEnvironmentVariableW.KERNEL32(sfxname,005C2CC0), ref: 00580482
                                                                                                • GetLocalTime.KERNEL32(?), ref: 0058048D
                                                                                                • _swprintf.LIBCMT ref: 005804E1
                                                                                                • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 005804F6
                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 005804FD
                                                                                                • LoadIconW.USER32(00000000,00000064), ref: 00580514
                                                                                                • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001DAE0,00000000), ref: 00580565
                                                                                                • Sleep.KERNEL32(?), ref: 00580593
                                                                                                • DeleteObject.GDI32 ref: 005805CC
                                                                                                • DeleteObject.GDI32(?), ref: 005805DC
                                                                                                • CloseHandle.KERNEL32 ref: 0058061F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf_wcslen
                                                                                                • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$pPZ$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                • API String ID: 3014515783-4221014823
                                                                                                • Opcode ID: 5d9e1c20f9491f5fb023f517617b4effbb292f33f8ff49542641355af014495f
                                                                                                • Instruction ID: 3ff0819cafbc05ceb80f523a1bb8ebd43ddd5f34f11bba063d0e72cc7fb65f9e
                                                                                                • Opcode Fuzzy Hash: 5d9e1c20f9491f5fb023f517617b4effbb292f33f8ff49542641355af014495f
                                                                                                • Instruction Fuzzy Hash: 1D712471504305AFD720AB61EC4EF6F3FA8BB95740F008419F949A21A2EF758D4CEB61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000800,6033248F), ref: 0056F9CD
                                                                                                  • Part of subcall function 0056E208: _wcslen.LIBCMT ref: 0056E210
                                                                                                  • Part of subcall function 00572663: _wcslen.LIBCMT ref: 00572669
                                                                                                  • Part of subcall function 00573D10: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,6033248F,?,?,6033248F,00000001,0056DA04,00000000,6033248F,?,00010458,?,?), ref: 00573D2C
                                                                                                • _wcslen.LIBCMT ref: 0056FD00
                                                                                                • __fprintf_l.LIBCMT ref: 0056FE50
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$ByteCharFileModuleMultiNameWide__fprintf_l
                                                                                                • String ID: ,$$%s:$*messages***$*messages***$@%s:$RTL$|lY
                                                                                                • API String ID: 2646189078-3569327146
                                                                                                • Opcode ID: 0872d131bfea87c1c16990eb7d2e49dd2724bbb53deb1858bfd551d068a7051a
                                                                                                • Instruction ID: 1599b2948098bc7d002b3089d63b2185ec3f09bf67270eceff59255e12ca2b5a
                                                                                                • Opcode Fuzzy Hash: 0872d131bfea87c1c16990eb7d2e49dd2724bbb53deb1858bfd551d068a7051a
                                                                                                • Instruction Fuzzy Hash: EB420371D00219EBDF24EFA4EC45AEEBBB4FF58310F50442AF909AB281EB715A45CB54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 843 57c652-57c66f FindResourceW 844 57c675-57c686 SizeofResource 843->844 845 57c76b 843->845 844->845 847 57c68c-57c69b LoadResource 844->847 846 57c76d-57c771 845->846 847->845 848 57c6a1-57c6ac LockResource 847->848 848->845 849 57c6b2-57c6c7 GlobalAlloc 848->849 850 57c763-57c769 849->850 851 57c6cd-57c6d6 GlobalLock 849->851 850->846 852 57c75c-57c75d GlobalFree 851->852 853 57c6dc-57c6fa call 584250 851->853 852->850 857 57c755-57c756 GlobalUnlock 853->857 858 57c6fc-57c71e call 57c5b6 853->858 857->852 858->857 863 57c720-57c728 858->863 864 57c743-57c751 863->864 865 57c72a-57c73e GdipCreateHBITMAPFromBitmap 863->865 864->857 865->864 866 57c740 865->866 866->864
                                                                                                APIs
                                                                                                • FindResourceW.KERNELBASE(?,PNG,00000000,?,?,?,0057DA3D,00000066), ref: 0057C665
                                                                                                • SizeofResource.KERNEL32(00000000,?,?,?,0057DA3D,00000066), ref: 0057C67C
                                                                                                • LoadResource.KERNEL32(00000000,?,?,?,0057DA3D,00000066), ref: 0057C693
                                                                                                • LockResource.KERNEL32(00000000,?,?,?,0057DA3D,00000066), ref: 0057C6A2
                                                                                                • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0057DA3D,00000066), ref: 0057C6BD
                                                                                                • GlobalLock.KERNEL32(00000000,?,?,?,?,?,0057DA3D,00000066), ref: 0057C6CE
                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0057C756
                                                                                                  • Part of subcall function 0057C5B6: GdipAlloc.GDIPLUS(00000010), ref: 0057C5BC
                                                                                                • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0057C737
                                                                                                • GlobalFree.KERNEL32(00000000), ref: 0057C75D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
                                                                                                • String ID: PNG
                                                                                                • API String ID: 541704414-364855578
                                                                                                • Opcode ID: d8d37277062d013a49fe22388826341273e397b3c4f485a3ba2ee8f05b7a4861
                                                                                                • Instruction ID: 83b38b0af0c2008817807fcae6231e049862ee5762494aaa52a08ce32e93055a
                                                                                                • Opcode Fuzzy Hash: d8d37277062d013a49fe22388826341273e397b3c4f485a3ba2ee8f05b7a4861
                                                                                                • Instruction Fuzzy Hash: E3315E75600602ABD7149F22EC88D1B7FA8FF95751B05452EF90992261EF31D808FFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 1059 56c4a8-56c4e3 call 581590 1062 56c4e5-56c4f0 FindFirstFileW 1059->1062 1063 56c548-56c551 FindNextFileW 1059->1063 1064 56c563-56c606 call 57268b call 56e27e call 573724 * 3 1062->1064 1066 56c4f2-56c507 call 56da1e 1062->1066 1063->1064 1065 56c553-56c561 GetLastError 1063->1065 1070 56c60b-56c62c call 5810f9 1064->1070 1067 56c53d-56c543 1065->1067 1075 56c522-56c52b GetLastError 1066->1075 1076 56c509-56c520 FindFirstFileW 1066->1076 1067->1070 1079 56c52d-56c530 1075->1079 1080 56c53b 1075->1080 1076->1064 1076->1075 1079->1080 1082 56c532-56c535 1079->1082 1080->1067 1082->1080 1083 56c537-56c539 1082->1083 1083->1067
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNELBASE(?,?,00000000,?,?,?,0056C39F,000000FF,?,?,?,?,005687BC,?,?,00000000), ref: 0056C4E6
                                                                                                  • Part of subcall function 0056DA1E: _wcslen.LIBCMT ref: 0056DA59
                                                                                                • FindFirstFileW.KERNEL32(?,00000000,?,?,00000800,?,?,0056C39F,000000FF,?,?,?,?,005687BC,?,?), ref: 0056C516
                                                                                                • GetLastError.KERNEL32(?,?,00000800,?,?,0056C39F,000000FF,?,?,?,?,005687BC,?,?,00000000,0000003A), ref: 0056C522
                                                                                                • FindNextFileW.KERNEL32(?,?,00000000,?,?,?,0056C39F,000000FF,?,?,?,?,005687BC,?,?,00000000), ref: 0056C549
                                                                                                • GetLastError.KERNEL32(?,?,0056C39F,000000FF,?,?,?,?,005687BC,?,?,00000000,0000003A,?,0000003A,00000802), ref: 0056C555
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 42610566-0
                                                                                                • Opcode ID: 9db43d6a8df85ab1d0332ba305db17cb0174eda96da25c6cd55ca045973dd781
                                                                                                • Instruction ID: b8ef7457a9c2af58b3a258ded0c54689b6fe2edc30ac035edadf2bf27981fd5d
                                                                                                • Opcode Fuzzy Hash: 9db43d6a8df85ab1d0332ba305db17cb0174eda96da25c6cd55ca045973dd781
                                                                                                • Instruction Fuzzy Hash: 774164B1508745AFC724EF24D8859EAFBE8FB98350F004A1EF5DAD3240D734A958DBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32(?,?,0058A616,?,0059F7B0,0000000C,0058A76D,?,00000002,00000000), ref: 0058A661
                                                                                                • TerminateProcess.KERNEL32(00000000,?,0058A616,?,0059F7B0,0000000C,0058A76D,?,00000002,00000000), ref: 0058A668
                                                                                                • ExitProcess.KERNEL32 ref: 0058A67A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                • String ID:
                                                                                                • API String ID: 1703294689-0
                                                                                                • Opcode ID: b7335577eb7d270dd8ba9f7da46260906c8fb6de5f73119dcdf294b12cfcc268
                                                                                                • Instruction ID: a2712770d3da58ffb50ab3f1d70f6f8723ac6aa6cbb84823f2761fb8261dd2f3
                                                                                                • Opcode Fuzzy Hash: b7335577eb7d270dd8ba9f7da46260906c8fb6de5f73119dcdf294b12cfcc268
                                                                                                • Instruction Fuzzy Hash: 60E0B631840108AFDF117F65DD4DA483F6AFBA0741F054416FC09AA136EB36ED4AEB95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • __tmp_reference_source_, xrefs: 00569C0E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$AttributesFile_swprintf$CurrentH_prolog3Process__aulldiv_wcsrchr
                                                                                                • String ID: __tmp_reference_source_
                                                                                                • API String ID: 3636405837-685763994
                                                                                                • Opcode ID: 5032675cc459eb623ce7eeeb857d709e7c5f06415fa43e610bcea8d73b069c1f
                                                                                                • Instruction ID: 9392391799f99c9bf15e4b80c9551728baec2dfc37131ec59f7229623a36e237
                                                                                                • Opcode Fuzzy Hash: 5032675cc459eb623ce7eeeb857d709e7c5f06415fa43e610bcea8d73b069c1f
                                                                                                • Instruction Fuzzy Hash: DAA21970904285AEDF25DF64C889BFE7FB9BF45300F0845B9ED49AB282D7305A45CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: H_prolog3
                                                                                                • String ID:
                                                                                                • API String ID: 431132790-0
                                                                                                • Opcode ID: eeea85b86a97ef6500a248d19c22f17a5cee1883002a1a1dae3ccf591b881528
                                                                                                • Instruction ID: 477f4b52296b1b203df857a42192377e6a1bc997eee210be9f3dcb5157ff4499
                                                                                                • Opcode Fuzzy Hash: eeea85b86a97ef6500a248d19c22f17a5cee1883002a1a1dae3ccf591b881528
                                                                                                • Instruction Fuzzy Hash: E4D1D2B1A483418FCB24DF28D84876BBFE5BF89304F08856DE88D9B242D774E904DB56
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph (rendered graph omitted; executed / not executed colouring not reproduced): basic blocks from 0057290A to 00572EE3, covering the GetModuleHandleW / GetProcAddress lookups, the self-file read via CreateFileW / ReadFile, the GetFileAttributesW checks and the AllocConsole / WriteConsoleW / ExitProcess path listed under APIs below.
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32 ref: 00572937
                                                                                                • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00572949
                                                                                                • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00572973
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00572C1D
                                                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00572C37
                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00572C4B
                                                                                                • ReadFile.KERNEL32(00000000,?,00007FFE,$oY,00000000), ref: 00572C69
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00572CCD
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00572CE6
                                                                                                • CompareStringW.KERNEL32(00000400,00001001,poY,?,DXGIDebug.dll,?,$oY,?,00000000,?,00000800), ref: 00572D3A
                                                                                                • GetFileAttributesW.KERNELBASE(?,?,$oY,00000800,?,00000000,?,00000800), ref: 00572D64
                                                                                                • GetFileAttributesW.KERNEL32(?,?,?,00000800), ref: 00572DA0
                                                                                                  • Part of subcall function 005728AB: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 005728D4
                                                                                                  • Part of subcall function 005728AB: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00571309,Crypt32.dll,00000000,00571383,00000200,?,00571366,00000000,00000000,?), ref: 005728F4
                                                                                                • _swprintf.LIBCMT ref: 00572E12
                                                                                                • _swprintf.LIBCMT ref: 00572E5E
                                                                                                • AllocConsole.KERNEL32 ref: 00572E66
                                                                                                • GetCurrentProcessId.KERNEL32 ref: 00572E70
                                                                                                • AttachConsole.KERNEL32(00000000), ref: 00572E77
                                                                                                • _wcslen.LIBCMT ref: 00572E8C
                                                                                                • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00572E9D
                                                                                                • WriteConsoleW.KERNEL32(00000000), ref: 00572EA4
                                                                                                • Sleep.KERNEL32(00002710), ref: 00572EAF
                                                                                                • FreeConsole.KERNEL32 ref: 00572EB5
                                                                                                • ExitProcess.KERNEL32 ref: 00572EBD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite_wcslen
                                                                                                • String ID: $oY$$rY$$sY$(pY$(tY$,qY$4sY$<$<oY$<rY$@pY$DXGIDebug.dll$DqY$DtY$LsY$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$XoY$XpY$\qY$\tY$`rY$dsY$dwmapi.dll$kernel32$poY$ppY$tqY$uxtheme.dll$xrY$xsY$xtY$oY$pY
                                                                                                • API String ID: 270162209-564300713
                                                                                                • Opcode ID: a50afde03d1cb083387d3aacb50c095c66188872a4559e718feab2b1f79da321
                                                                                                • Instruction ID: 494c5da9f853b01dd6db460394202566c58d180edd6abb82a9cff93ecd76fb51
                                                                                                • Opcode Fuzzy Hash: a50afde03d1cb083387d3aacb50c095c66188872a4559e718feab2b1f79da321
                                                                                                • Instruction Fuzzy Hash: C5D16FB10183899BDB319F50D88DA9FBFECBB89304F50491EF58996251DBB0854CDBA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                  • Part of subcall function 00561366: GetDlgItem.USER32(00000000,00003021), ref: 005613AA
                                                                                                  • Part of subcall function 00561366: SetWindowTextW.USER32(00000000,005965F4), ref: 005613C0
                                                                                                • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0057DC06
                                                                                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0057DC24
                                                                                                • IsDialogMessageW.USER32(?,?), ref: 0057DC37
                                                                                                • TranslateMessage.USER32(?), ref: 0057DC45
                                                                                                • DispatchMessageW.USER32(?), ref: 0057DC4F
                                                                                                • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 0057DC72
                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 0057DC95
                                                                                                • GetDlgItem.USER32(?,00000068), ref: 0057DCB8
                                                                                                • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0057DCD3
                                                                                                • SendMessageW.USER32(00000000,000000C2,00000000,005965F4), ref: 0057DCE6
                                                                                                  • Part of subcall function 0057F77B: _wcslen.LIBCMT ref: 0057F7A5
                                                                                                • SetFocus.USER32(00000000), ref: 0057DCED
                                                                                                • _swprintf.LIBCMT ref: 0057DD4C
                                                                                                  • Part of subcall function 00564C00: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00564C13
                                                                                                • GetLastError.KERNEL32(?,00000000,00000000,00000000,?,00000800), ref: 0057DDAF
                                                                                                • GetLastError.KERNEL32(?,00000000,00000000,00000000,?,00000800), ref: 0057DDD7
                                                                                                • GetTickCount.KERNEL32 ref: 0057DDF5
                                                                                                • _swprintf.LIBCMT ref: 0057DE0D
                                                                                                • GetLastError.KERNEL32(?,00000011), ref: 0057DE3F
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,00000000,00000000,00000000,?,00000800), ref: 0057DE92
                                                                                                • _swprintf.LIBCMT ref: 0057DEC9
                                                                                                • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007402,winrarsfxmappingfile.tmp,?,?,?,?,005B3482,00000200), ref: 0057DF1D
                                                                                                • GetCommandLineW.KERNEL32(?,?,?,?,005B3482,00000200), ref: 0057DF33
                                                                                                • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,005B3482,00000400,00000001,00000001,?,?,?,?,005B3482,00000200), ref: 0057DF8A
                                                                                                • ShellExecuteExW.SHELL32(?), ref: 0057DFB2
                                                                                                • Sleep.KERNEL32(00000064,?,?,?,?,005B3482,00000200), ref: 0057DFFA
                                                                                                • UnmapViewOfFile.KERNEL32(?,?,0000421C,005B3482,00000400,?,?,?,?,005B3482,00000200), ref: 0057E023
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,005B3482,00000200), ref: 0057E02C
                                                                                                • _swprintf.LIBCMT ref: 0057E05F
                                                                                                • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0057E0BE
                                                                                                • SetDlgItemTextW.USER32(?,00000065,005965F4), ref: 0057E0D5
                                                                                                • GetDlgItem.USER32(?,00000065), ref: 0057E0DE
                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 0057E0ED
                                                                                                • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0057E0FC
                                                                                                • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0057E1A9
                                                                                                • _wcslen.LIBCMT ref: 0057E1FF
                                                                                                • _swprintf.LIBCMT ref: 0057E229
                                                                                                • SendMessageW.USER32(?,00000080,00000001,?), ref: 0057E273
                                                                                                • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 0057E28D
                                                                                                • GetDlgItem.USER32(?,00000068), ref: 0057E296
                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 0057E2AC
                                                                                                • GetDlgItem.USER32(?,00000066), ref: 0057E2C6
                                                                                                • SetWindowTextW.USER32(00000000,005B589A), ref: 0057E2E8
                                                                                                • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 0057E348
                                                                                                • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0057E35B
                                                                                                • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001D8C0,00000000,?), ref: 0057E3FE
                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 0057E4CC
                                                                                                • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 0057E50E
                                                                                                • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0057E532
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: Item$MessageText$Send$Window_swprintf$File$ErrorLast$DialogLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellSleepTickTranslateUnmapUser__vswprintf_c_l
                                                                                                • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                                                • API String ID: 3247240745-1712381250
                                                                                                • Opcode ID: a7ed808cd920f2abb9e265c166e9d40ea831289a063b975c15b3ceef4f60dc2d
                                                                                                • Instruction ID: f371dde1c4d34252acaf8422d9ef06455098b59209b4c2143a29c4bf3afa0081
                                                                                                • Opcode Fuzzy Hash: a7ed808cd920f2abb9e265c166e9d40ea831289a063b975c15b3ceef4f60dc2d
                                                                                                • Instruction Fuzzy Hash: A342D270940749AEEB21AB60FC4EFBE3FB8BB69704F048055F509A61D1DB745A48FB21
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                  • Part of subcall function 0057D864: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0057D875
                                                                                                  • Part of subcall function 0057D864: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0057D886
                                                                                                  • Part of subcall function 0057D864: IsDialogMessageW.USER32(00010458,?), ref: 0057D89A
                                                                                                  • Part of subcall function 0057D864: TranslateMessage.USER32(?), ref: 0057D8A8
                                                                                                  • Part of subcall function 0057D864: DispatchMessageW.USER32(?), ref: 0057D8B2
                                                                                                • GetDlgItem.USER32(00000068,005C3CF0), ref: 0057F81F
                                                                                                • ShowWindow.USER32(00000000,00000005,?,?,0057D099,00000001,?,?,0057DAB9,005982F0,005C3CF0,005C3CF0,00001000,005A50C4,00000000,?), ref: 0057F844
                                                                                                • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0057F853
                                                                                                • SendMessageW.USER32(00000000,000000C2,00000000,005965F4), ref: 0057F861
                                                                                                • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0057F87B
                                                                                                • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0057F895
                                                                                                • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0057F8D9
                                                                                                • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0057F8E4
                                                                                                • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0057F8F7
                                                                                                • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0057F91E
                                                                                                • SendMessageW.USER32(00000000,000000C2,00000000,0059769C), ref: 0057F92D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                • String ID: \
                                                                                                • API String ID: 3569833718-2967466578
                                                                                                • Opcode ID: 5103e769bb3098c3f748edd7172683b3d10e8278c951aae8644e1dea4d41e04d
                                                                                                • Instruction ID: b14ba500e7d99f7ca90fe42d49f5d0ecacde6af20454e72afa55824f1f918f21
                                                                                                • Opcode Fuzzy Hash: 5103e769bb3098c3f748edd7172683b3d10e8278c951aae8644e1dea4d41e04d
                                                                                                • Instruction Fuzzy Hash: E831D4B1249B04AFE310DF24EC4AF6B7FACFF6A704F040919F5A19A1D1D7605908EB66
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph: function at 0057FAFC (graph image not reproduced)

                                                                                                APIs
                                                                                                • _wcslen.LIBCMT ref: 0057FB35
                                                                                                • ShellExecuteExW.SHELL32(?), ref: 0057FC78
                                                                                                • ShowWindow.USER32(?,00000000,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 0057FCB0
                                                                                                • GetExitCodeProcess.KERNEL32(?,?), ref: 0057FCEC
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 0057FD12
                                                                                                • ShowWindow.USER32(?,00000001,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 0057FD78
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                                                                • String ID: .exe$.inf
                                                                                                • API String ID: 36480843-3750412487
                                                                                                • Opcode ID: 89d55912220c3a6cdf021ffb4ed42d9fa9f5804548789226aed6e76303e949c6
                                                                                                • Instruction ID: 7744df5b4897bb31e563faae9d77ecc76e39bfe506d6d1f72d442a818c5ac556
                                                                                                • Opcode Fuzzy Hash: 89d55912220c3a6cdf021ffb4ed42d9fa9f5804548789226aed6e76303e949c6
                                                                                                • Instruction Fuzzy Hash: 1E61C1701083849ED731DF60E844ABA7FE4BF98744F04882DF8C897250D7709D88EB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph: function at 0058CFAB (graph image not reproduced)

                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00587F99,00587F99,?,?,?,0058D1FC,00000001,00000001,62E85006), ref: 0058D005
                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0058D1FC,00000001,00000001,62E85006,?,?,?), ref: 0058D08B
                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,62E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0058D185
                                                                                                • __freea.LIBCMT ref: 0058D192
                                                                                                  • Part of subcall function 0058BC8E: RtlAllocateHeap.NTDLL(00000000,?,?,?,00586A24,?,0000015D,?,?,?,?,00587F00,000000FF,00000000,?,?), ref: 0058BCC0
                                                                                                • __freea.LIBCMT ref: 0058D19B
                                                                                                • __freea.LIBCMT ref: 0058D1C0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1414292761-0
                                                                                                • Opcode ID: f3af074ea16822fe9b0db39bceb06738c3b73ce54f94a7a0e204e0314942812b
                                                                                                • Instruction ID: bd7b4b792e56735e4104b93061c5b74b9180353f275bcbab3fe5d45730c01580
                                                                                                • Opcode Fuzzy Hash: f3af074ea16822fe9b0db39bceb06738c3b73ce54f94a7a0e204e0314942812b
                                                                                                • Instruction Fuzzy Hash: 0D519172600216AAEB25AE64CC49EBE7FF9FF84750F154629FD05E6180DB34DC44D7A0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph: function at 0057CB49 (graph image not reproduced)

                                                                                                APIs
                                                                                                • GetClassNameW.USER32(?,?,00000050), ref: 0057CB6A
                                                                                                • SHAutoComplete.SHLWAPI(?,00000010), ref: 0057CBA1
                                                                                                  • Part of subcall function 00574168: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,000000FF,0056E084,00000000,.exe,?,?,00000800,?,?,?,0057AD5D), ref: 0057417E
                                                                                                • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 0057CB91
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                • String ID: @Ut$EDIT
                                                                                                • API String ID: 4243998846-2065656831
                                                                                                • Opcode ID: ab0ca373f59f962790231d8a63c0dac80d3c198d3a10c155659699d11fea6448
                                                                                                • Instruction ID: ae1d751d445a113c4554d33df19d1636ccfc8bc7cba3079d7475834ed01b2063
                                                                                                • Opcode Fuzzy Hash: ab0ca373f59f962790231d8a63c0dac80d3c198d3a10c155659699d11fea6448
                                                                                                • Instruction Fuzzy Hash: EAF0C831601718EFDB209B249C0AF9F7FACEF9AB00F404059B949BB180D770DA05DAA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                  • Part of subcall function 005728AB: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 005728D4
                                                                                                  • Part of subcall function 005728AB: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00571309,Crypt32.dll,00000000,00571383,00000200,?,00571366,00000000,00000000,?), ref: 005728F4
                                                                                                • OleInitialize.OLE32(00000000), ref: 0057CCF2
                                                                                                • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0057CD29
                                                                                                • SHGetMalloc.SHELL32(005AC460), ref: 0057CD33
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                                • String ID: riched20.dll$3So
                                                                                                • API String ID: 3498096277-3464455743
                                                                                                • Opcode ID: 5247aff51cebc5eec9a8a451ef0b58cc2b6a1744f4e89b916074a8d40086567b
                                                                                                • Instruction ID: fd128aaade6e4462dc2a56f6e184e25dc8ba0e596f2c2f0e3ff8ab535cae6baa
                                                                                                • Opcode Fuzzy Hash: 5247aff51cebc5eec9a8a451ef0b58cc2b6a1744f4e89b916074a8d40086567b
                                                                                                • Instruction Fuzzy Hash: 1CF0E7B190420DABCB10AF9A98499AFBFBCEF98705F00405AA815B2251DBB456499FA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                 Control-flow Graph (basic blocks with their successor blocks)
                                                                                                 • 1025 56b2b0-56b2ea call 581590 -> 1028, 1029
                                                                                                 • 1028 56b2f5 -> 1031
                                                                                                 • 1029 56b2ec-56b2ef -> 1028, 1030
                                                                                                 • 1030 56b2f1-56b2f3 -> 1031
                                                                                                 • 1031 56b2f7-56b308 -> 1032, 1033
                                                                                                 • 1032 56b310-56b31a -> 1034, 1035
                                                                                                 • 1033 56b30a -> 1032
                                                                                                 • 1034 56b31f-56b32c call 567eed -> 1038, 1039
                                                                                                 • 1035 56b31c -> 1034
                                                                                                 • 1038 56b334-56b34d CreateFileW -> 1040, 1041
                                                                                                 • 1039 56b32e -> 1038
                                                                                                 • 1040 56b34f-56b36e GetLastError call 56da1e -> 1044, 1047
                                                                                                 • 1041 56b39b-56b39f -> 1042
                                                                                                 • 1042 56b3a3-56b3a6 -> 1044, 1045
                                                                                                 • 1044 56b3a8-56b3ad -> 1045, 1048
                                                                                                 • 1045 56b3b9-56b3be -> 1049, 1050
                                                                                                 • 1047 56b370-56b393 CreateFileW GetLastError -> 1042, 1051
                                                                                                 • 1048 56b3af -> 1045
                                                                                                 • 1049 56b3c0-56b3c3 -> 1050, 1052
                                                                                                 • 1050 56b3df-56b3f0 -> 1053, 1054
                                                                                                 • 1051 56b395-56b399 -> 1042
                                                                                                 • 1052 56b3c5-56b3d9 SetFileTime -> 1050
                                                                                                 • 1053 56b3f2-56b407 call 57268b -> 1054
                                                                                                 • 1054 56b40b-56b424 call 5810f9
                                                                                                APIs
                                                                                                • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00568846,?,00000005), ref: 0056B342
                                                                                                • GetLastError.KERNEL32(?,?,00568846,?,00000005), ref: 0056B34F
                                                                                                • CreateFileW.KERNEL32(?,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00568846,?,00000005), ref: 0056B382
                                                                                                • GetLastError.KERNEL32(?,?,00568846,?,00000005), ref: 0056B38A
                                                                                                • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00568846,?,00000005), ref: 0056B3D9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$CreateErrorLast$Time
                                                                                                • String ID:
                                                                                                • API String ID: 1999340476-0
                                                                                                • Opcode ID: bbf98039d349bea0cd5667d555c12e8651520dc1b6053d3bf2ddeb9a7a2cd529
                                                                                                • Instruction ID: 2f890a9b688170560e1701710da04728644e2d2e929bdbd2cdeadf95cb9b72f0
                                                                                                • Opcode Fuzzy Hash: bbf98039d349bea0cd5667d555c12e8651520dc1b6053d3bf2ddeb9a7a2cd529
                                                                                                • Instruction Fuzzy Hash: 91412A70644745AFE320DF24DC4979ABFD8BB54310F100E1AF9A1D72C1D7B0A999CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                 Control-flow Graph (basic blocks with their successor blocks)
                                                                                                 • 1088 57d864-57d87d PeekMessageW -> 1089, 1090
                                                                                                 • 1089 57d87f-57d893 GetMessageW -> 1091, 1092
                                                                                                 • 1090 57d8b8-57d8ba
                                                                                                 • 1091 57d895-57d8a2 IsDialogMessageW -> 1090, 1092
                                                                                                 • 1092 57d8a4-57d8b2 TranslateMessage DispatchMessageW -> 1090
                                                                                                APIs
                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0057D875
                                                                                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0057D886
                                                                                                • IsDialogMessageW.USER32(00010458,?), ref: 0057D89A
                                                                                                • TranslateMessage.USER32(?), ref: 0057D8A8
                                                                                                • DispatchMessageW.USER32(?), ref: 0057D8B2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: Message$DialogDispatchPeekTranslate
                                                                                                • String ID:
                                                                                                • API String ID: 1266772231-0
                                                                                                • Opcode ID: 86d28cd48e37b581860cb856c3dd0e8244bb38ba381eaeb2770dce421212df32
                                                                                                • Instruction ID: d79534b6d233635ee79b5310de2adb5f4bc90e7c8c4ba4778322950122487947
                                                                                                • Opcode Fuzzy Hash: 86d28cd48e37b581860cb856c3dd0e8244bb38ba381eaeb2770dce421212df32
                                                                                                • Instruction Fuzzy Hash: DAF0D07290521DABDF20ABE6EC4CDDB7F7CFE192517008415B51AE2050E728D50ADFB0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                 Control-flow Graph (basic blocks with their successor blocks)
                                                                                                 • 1093 57ffdd-580011 call 581590 SetEnvironmentVariableW call 5723d6 -> 1097
                                                                                                 • 1097 580016-58001a -> 1098, 1099
                                                                                                 • 1098 58001c-580020 -> 1100
                                                                                                 • 1099 58003e-58004a call 5810f9
                                                                                                 • 1100 580029-580030 call 5724f2 -> 1105, 1106
                                                                                                 • 1105 580022-580028 -> 1100
                                                                                                 • 1106 580032-580038 SetEnvironmentVariableW -> 1099
                                                                                                APIs
                                                                                                • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0057FFFE
                                                                                                • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00580038
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: EnvironmentVariable
                                                                                                • String ID: sfxcmd$sfxpar
                                                                                                • API String ID: 1431749950-3493335439
                                                                                                • Opcode ID: 9aabc5e3abbf0e7cb327d2d8536d7577a907b3d86a87576d424131b9ec9b8a46
                                                                                                • Instruction ID: ebec36e140f060b3da64f1ccf58d470e50bcd39b07be495afa502473c9c6ad53
                                                                                                • Opcode Fuzzy Hash: 9aabc5e3abbf0e7cb327d2d8536d7577a907b3d86a87576d424131b9ec9b8a46
                                                                                                • Instruction Fuzzy Hash: BEF04671901235EBCB20BB909C0A9BF7B9CFF1EB40B400406BD01A7181DAB09D48EBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                 Control-flow Graph (basic blocks with their successor blocks)
                                                                                                 • 1107 586232-586247 LoadLibraryExW -> 1108, 1109
                                                                                                 • 1108 586249-586252 GetLastError -> 1110, 1111
                                                                                                 • 1109 58627b-58627c
                                                                                                 • 1110 586279 -> 1109
                                                                                                 • 1111 586254-586268 call 5888f8 -> 1110, 1114
                                                                                                 • 1114 58626a-586278 LoadLibraryExW
                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNELBASE(00000011,00000000,00000800,?,005861E3,00000000,00000001,005C60C8,?,?,?,00586386,00000004,InitializeCriticalSectionEx,00599624,InitializeCriticalSectionEx), ref: 0058623F
                                                                                                • GetLastError.KERNEL32(?,005861E3,00000000,00000001,005C60C8,?,?,?,00586386,00000004,InitializeCriticalSectionEx,00599624,InitializeCriticalSectionEx,00000000,?,0058613D), ref: 00586249
                                                                                                • LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,00585083), ref: 00586271
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                • String ID: api-ms-
                                                                                                • API String ID: 3177248105-2084034818
                                                                                                • Opcode ID: 60610b8626f8a1be49be6a332cab35d8a2ffafd8893db29a680e407c76a02b31
                                                                                                • Instruction ID: 698917a6589bd4c72616dd0bdf6f66e1acbe3dad157cd04efe0cef0a2d1bc103
                                                                                                • Opcode Fuzzy Hash: 60610b8626f8a1be49be6a332cab35d8a2ffafd8893db29a680e407c76a02b31
                                                                                                • Instruction Fuzzy Hash: 8CE04F38680304B7EF202F60EC0AF693F65BF10B51F110061FD0EB80E1EBA19958AA85
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                 Control-flow Graph (basic blocks with their successor blocks)
                                                                                                 • 1115 56b151-56b15d -> 1116, 1117
                                                                                                 • 1116 56b15f-56b167 GetStdHandle -> 1117
                                                                                                 • 1117 56b16a-56b181 ReadFile -> 1118, 1119
                                                                                                 • 1118 56b183-56b18c call 56b288 -> 1123, 1124
                                                                                                 • 1119 56b1dd -> 1121
                                                                                                 • 1121 56b1e0-56b1e3
                                                                                                 • 1123 56b1a5-56b1a9 -> 1126, 1127
                                                                                                 • 1124 56b18e-56b196 -> 1123, 1125
                                                                                                 • 1125 56b198 -> 1130
                                                                                                 • 1126 56b1ba-56b1be -> 1128, 1129
                                                                                                 • 1127 56b1ab-56b1b4 GetLastError -> 1126, 1131
                                                                                                 • 1128 56b1c0-56b1c8 -> 1129, 1132
                                                                                                 • 1129 56b1d8-56b1db -> 1121
                                                                                                 • 1130 56b199-56b1a3 call 56b151 -> 1121
                                                                                                 • 1131 56b1b6-56b1b8 -> 1121
                                                                                                 • 1132 56b1ca-56b1d3 GetLastError -> 1129, 1134
                                                                                                 • 1134 56b1d5-56b1d6 -> 1130
                                                                                                APIs
                                                                                                • GetStdHandle.KERNEL32(000000F6,?,?,?,00000000,0056B662,?,?,00000000,?,?), ref: 0056B161
                                                                                                • ReadFile.KERNELBASE(?,?,00000000,?,00000000,?,?,?,00000000,0056B662,?,?,00000000,?,?), ref: 0056B179
                                                                                                • GetLastError.KERNEL32(?,?,?,00000000,0056B662,?,?,00000000,?,?), ref: 0056B1AB
                                                                                                • GetLastError.KERNEL32(?,?,?,00000000,0056B662,?,?,00000000,?,?), ref: 0056B1CA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$FileHandleRead
                                                                                                • String ID:
                                                                                                • API String ID: 2244327787-0
                                                                                                • Opcode ID: fe79d0a8bad3e3611d5192242c1b080f6f4b63c3faaa66d5806573453c9eecfd
                                                                                                • Instruction ID: ab3a7f1ff3f608e616caf265cd1cc69a0d6f3ffa866871e94c7483c0231ade4f
                                                                                                • Opcode Fuzzy Hash: fe79d0a8bad3e3611d5192242c1b080f6f4b63c3faaa66d5806573453c9eecfd
                                                                                                • Instruction Fuzzy Hash: AD118270900614FBFB215F20CC286693FA9FB523A1F10492AF816C7290DB71DEC8DB51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,0058688D,00000000,00000000,?,0058D32B,0058688D,00000000,00000000,00000000,?,0058D528,00000006,FlsSetValue), ref: 0058D3B6
                                                                                                • GetLastError.KERNEL32(?,0058D32B,0058688D,00000000,00000000,00000000,?,0058D528,00000006,FlsSetValue,0059AC00,FlsSetValue,00000000,00000364,?,0058BA77), ref: 0058D3C2
                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0058D32B,0058688D,00000000,00000000,00000000,?,0058D528,00000006,FlsSetValue,0059AC00,FlsSetValue,00000000), ref: 0058D3D0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                • String ID:
                                                                                                • API String ID: 3177248105-0
                                                                                                • Opcode ID: 0b9f9666705c15f25ea4313ca6b3167d9e13703c2e8c5a979daf1fc977246d2d
                                                                                                • Instruction ID: dfb35961643bfef371391549f7c11c6817a5e891d620817ff6879c188e22910d
                                                                                                • Opcode Fuzzy Hash: 0b9f9666705c15f25ea4313ca6b3167d9e13703c2e8c5a979daf1fc977246d2d
                                                                                                • Instruction Fuzzy Hash: A701D436611226ABCB216B699C84A577FE8FB147A17120E20FD16E71C0DF20D80487F1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0058B9A5: GetLastError.KERNEL32(?,005A50C4,00586E12,005A50C4,?,?,0058688D,?,?,005A50C4), ref: 0058B9A9
  • Part of subcall function 0058B9A5: _free.LIBCMT ref: 0058B9DC
  • Part of subcall function 0058B9A5: SetLastError.KERNEL32(00000000,?,005A50C4), ref: 0058BA1D
  • Part of subcall function 0058B9A5: _abort.LIBCMT ref: 0058BA23
  • Part of subcall function 0058E19E: _abort.LIBCMT ref: 0058E1D0
  • Part of subcall function 0058E19E: _free.LIBCMT ref: 0058E204
  • Part of subcall function 0058DE0B: GetOEMCP.KERNEL32(00000000,?,?,0058E094,?), ref: 0058DE36
• _free.LIBCMT ref: 0058E0EF
• _free.LIBCMT ref: 0058E125
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: _free$ErrorLast_abort
• String ID: p,Z
• API String ID: 2991157371-423584262
• Opcode ID: 274ee780de66ba67b417af2d6cec430c2af192fcf152e5fea3587b22064b061f
• Instruction ID: fe72f5b55d7b45c004c8c1a852f362103d26880b56dc4b328a7e6ec2c77d1d4c
• Opcode Fuzzy Hash: 274ee780de66ba67b417af2d6cec430c2af192fcf152e5fea3587b22064b061f
• Instruction Fuzzy Hash: 8431843190420AEFDB10FBA9D44AAA97FF5BF81320F254499ED04AB291DBB25D41DB50
Uniqueness
Uniqueness Score: -1.00%

APIs
• CreateThread.KERNELBASE(00000000,00010000,Function_00013240,?,00000000,?), ref: 00573129
• SetThreadPriority.KERNEL32(00000000,00000000), ref: 00573170
  • Part of subcall function 00567BAD: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00567BD5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: Thread$CreatePriority__vswprintf_c_l
• String ID: CreateThread failed
• API String ID: 2655393344-3849766595
• Opcode ID: c8da62deb24e484e97e1cf0d8daf45080080572ea9e9896012c749a58a4db899
• Instruction ID: 317652ede0dce6030c9722deaa6350d6968276fb08c3062dd93c91bcf26b2e18
• Opcode Fuzzy Hash: c8da62deb24e484e97e1cf0d8daf45080080572ea9e9896012c749a58a4db899
• Instruction Fuzzy Hash: 3A014E753047066FD3207F50EC85F667FE8FB55721F10012EF685571C0DAA06844E664
Uniqueness
Uniqueness Score: -1.00%

APIs
• LoadStringW.USER32(00567BEB,?,00561436,00567BEB), ref: 005705F8
• LoadStringW.USER32(00567BEB,?,00561436), ref: 0057060F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: LoadString
• String ID: pPZ
• API String ID: 2948472770-2595575036
• Opcode ID: c29e68bdacf5e925cdb4c43e9731b2124e9a819412b1dde9e23286363e4f6dc0
• Instruction ID: e63420f3772460554fdc1a79290bfbeca949e01b9941be393931ae2d8e5ec513
• Opcode Fuzzy Hash: c29e68bdacf5e925cdb4c43e9731b2124e9a819412b1dde9e23286363e4f6dc0
• Instruction Fuzzy Hash: 7EF0F231100619FFCF111F56EC18CAB7FAAFF5A394B048025FD0886131E3328864EBA0
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetStdHandle.KERNEL32(000000F5,?,?,?,?,0056F306,00000001,?,?,?,00000000,00577564,?,?,?,?), ref: 0056B9DE
• WriteFile.KERNEL32(?,?,?,?,00000000), ref: 0056BA25
• WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,0056F306,00000001,?,?,?), ref: 0056BA51
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: FileWrite$Handle
• String ID:
• API String ID: 4209713984-0
• Opcode ID: 8b0b4fd867a4e0722c717f5fcbd41c3f7f05e9cffd61d8c46a7503bd53a8141d
• Instruction ID: 69953897c70fc96ca29b3e44489c40bb6bf3fa0fa545b5cd89dfa2cf6934ed65
• Opcode Fuzzy Hash: 8b0b4fd867a4e0722c717f5fcbd41c3f7f05e9cffd61d8c46a7503bd53a8141d
• Instruction Fuzzy Hash: 6531C271208316AFEB14CF20D848B6E7BA5FF81715F044A1DF58197290DB75AD88CBA2
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0056E1EC: _wcslen.LIBCMT ref: 0056E1F2
• CreateDirectoryW.KERNELBASE(?,00000000,?,?,00000000,0056BBD0,?,00000001,00000000,?,?), ref: 0056BF12
• CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,00000000,0056BBD0,?,00000001,00000000,?,?), ref: 0056BF45
• GetLastError.KERNEL32(?,?,?,00000000,0056BBD0,?,00000001,00000000,?,?), ref: 0056BF62
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: CreateDirectory$ErrorLast_wcslen
• String ID:
• API String ID: 2260680371-0
• Opcode ID: 03e271a001d423c568bca8107d900cc10e28fb6c24268b0264d41efe341e0342
• Instruction ID: 034eca12191099efd94e06599b348902a0479d9e49d8a6b67c9d5fc6582249d0
• Opcode Fuzzy Hash: 03e271a001d423c568bca8107d900cc10e28fb6c24268b0264d41efe341e0342
• Instruction Fuzzy Hash: 8311E531200215AAFB11AB748D49BFEBF98BF19700F004465F901E71A1DB24DEC5CF65
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 0058DF08
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: Info
• String ID:
• API String ID: 1807457897-3916222277
• Opcode ID: 8bac7f5fcaf4dbbf78f21867c242816be3be3464e917cabdf9850746bff225a3
• Instruction ID: 93ce761210285666d660e90bb513b3a5ccbcdf9d769fc282ffe445620a17eec7
• Opcode Fuzzy Hash: 8bac7f5fcaf4dbbf78f21867c242816be3be3464e917cabdf9850746bff225a3
• Instruction Fuzzy Hash: 86411C7050428C9ADF229F148C89BF6BFF9FF45304F1408EDE99AA6142D275AA45DF20
Uniqueness
Uniqueness Score: -1.00%

APIs
• LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,62E85006,00000001,?,000000FF), ref: 0058D62D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: String
• String ID: LCMapStringEx
• API String ID: 2568140703-3893581201
• Opcode ID: 8058aa67d9b0ff674dff61e8070f883a3877c1e63f6dd9344ab47a8598d27036
• Instruction ID: 70280902dabb9995266af1a4c8d717e8c03e27ad512c2abc666261056107434a
• Opcode Fuzzy Hash: 8058aa67d9b0ff674dff61e8070f883a3877c1e63f6dd9344ab47a8598d27036
• Instruction Fuzzy Hash: 4B01133250420DBBCF026F91DD0ADAE7FB6FF48710F014115FE09251A0C6328931ABA5
Uniqueness
Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,0058CBBF), ref: 0058D5A5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: CountCriticalInitializeSectionSpin
                                                                                                • String ID: InitializeCriticalSectionEx
                                                                                                • API String ID: 2593887523-3084827643
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Alloc
                                                                                                • String ID: FlsAlloc
                                                                                                • API String ID: 2773662609-671089009
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 005810BA
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID: 3So
                                                                                                • API String ID: 1269201914-1105799393
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                  • Part of subcall function 0058DE0B: GetOEMCP.KERNEL32(00000000,?,?,0058E094,?), ref: 0058DE36
                                                                                                • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0058E0D9,?,00000000), ref: 0058E2B4
                                                                                                • GetCPInfo.KERNEL32(00000000,0058E0D9,?,?,?,0058E0D9,?,00000000), ref: 0058E2C7
                                                                                                Similarity
                                                                                                • API ID: CodeInfoPageValid
                                                                                                • String ID:
                                                                                                • API String ID: 546120528-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • SetFilePointer.KERNELBASE(000000FF,?,00000800,?,?,00000000,?,?,0056B43B,00000800,00000800,00000000,?,?,0056A31D,?), ref: 0056B5EB
                                                                                                • GetLastError.KERNEL32(?,?,0056A31D,?,?,?,?,?,?,?,?), ref: 0056B5FA
                                                                                                Similarity
                                                                                                • API ID: ErrorFileLastPointer
                                                                                                • String ID:
                                                                                                • API String ID: 2976181284-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateFileW.KERNELBASE(?,?,00000000,00000000,00000002,00000000,00000000,?,00000000,?,?,?,0056B967,?,?,005687FD), ref: 0056B0A4
                                                                                                • CreateFileW.KERNEL32(?,?,00000000,00000000,00000002,00000000,00000000,?,?,00000800,?,?,0056B967,?,?,005687FD), ref: 0056B0D4
                                                                                                Similarity
                                                                                                • API ID: CreateFile
                                                                                                • String ID:
                                                                                                • API String ID: 823142352-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • FlushFileBuffers.KERNEL32(?), ref: 0056B7FC
                                                                                                • SetFileTime.KERNELBASE(?,?,?,?), ref: 0056B8B0
                                                                                                Similarity
                                                                                                • API ID: File$BuffersFlushTime
                                                                                                • String ID:
                                                                                                • API String ID: 1392018926-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Similarity
                                                                                                • API ID: H_prolog3_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 3746244732-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • FreeLibrary.KERNEL32(00000000,00000001,005C60C8,?,?,?,00586386,00000004,InitializeCriticalSectionEx,00599624,InitializeCriticalSectionEx,00000000,?,0058613D,005C60C8,00000FA0), ref: 00586215
                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 0058621F
                                                                                                Similarity
                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                • String ID:
                                                                                                • API String ID: 3013587201-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

APIs
• SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 0056B907
• GetLastError.KERNEL32 ref: 0056B914
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: ErrorFileLastPointer
• String ID:
• API String ID: 2976181284-0
• Opcode ID: 0fddf8fb4c560de7e52a167ca58eefcac846b3adc015e03ac3ffeeaf5c4f5086
• Instruction ID: b5e26164e33685d8f75013cc20f76c1173a237e6815b3de18c3215e6b886d49f
• Opcode Fuzzy Hash: 0fddf8fb4c560de7e52a167ca58eefcac846b3adc015e03ac3ffeeaf5c4f5086
• Instruction Fuzzy Hash: 7311A530A10705ABF7349629C889B667BE8BB45370F504B29E252D36D0E770ED85D750
Uniqueness

Uniqueness Score: -1.00%

APIs
• _free.LIBCMT ref: 0058BB55
  • Part of subcall function 0058BC8E: RtlAllocateHeap.NTDLL(00000000,?,?,?,00586A24,?,0000015D,?,?,?,?,00587F00,000000FF,00000000,?,?), ref: 0058BCC0
• HeapReAlloc.KERNEL32(00000000,?,?,?,?,005A50C4,0056190A,?,?,00000007,?,?,?,00561476,?,00000000), ref: 0058BB91
Similarity
• API ID: Heap$AllocAllocate_free
• String ID:
• API String ID: 2447670028-0
• Opcode ID: 576b6e5921c04601334b387acf4b9dfc48d7bf51b1a7c78f6f248374200d0cab
• Instruction ID: 2cfa9f67a3e8e81ed963b8ab0b2c905983e3d5e3d1e315b7b7f0e0d6754c17a1
• Opcode Fuzzy Hash: 576b6e5921c04601334b387acf4b9dfc48d7bf51b1a7c78f6f248374200d0cab
• Instruction Fuzzy Hash: 5AF06231500616ABFB213A66AC05F6B3F5CBFC2BB2B154116FC55B61A5DF20DC0193A9
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetFileAttributesW.KERNELBASE(?,00000000,?,00000001,?,0056BF5E,?,?), ref: 0056C305
  • Part of subcall function 0056DA1E: _wcslen.LIBCMT ref: 0056DA59
• SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0056BF5E,?,?), ref: 0056C334
Similarity
• API ID: AttributesFile$_wcslen
• String ID:
• API String ID: 2673547680-0
• Opcode ID: eccad203ff4d17958eba3c2a40236dac529bb2e57812134973922a89091d9af2
• Instruction ID: c252641821216ff76d3f6d317c3f8dc57c2e6616d1b4c995595be1f4cf34a5d1
• Opcode Fuzzy Hash: eccad203ff4d17958eba3c2a40236dac529bb2e57812134973922a89091d9af2
• Instruction Fuzzy Hash: A2F0903160121AEBDB00AF759C49AEE7BACFF19304F408496B945E7250DA31DE499B64
Uniqueness

Uniqueness Score: -1.00%

APIs
• DeleteFileW.KERNELBASE(?,?,?,?,0056B14B,?,00000000,0056AF6E,6033248F,00000000,0059517A,000000FF,?,00568882,?,?), ref: 0056BC82
  • Part of subcall function 0056DA1E: _wcslen.LIBCMT ref: 0056DA59
• DeleteFileW.KERNEL32(?,?,?,00000800,?,0056B14B,?,00000000,0056AF6E,6033248F,00000000,0059517A,000000FF,?,00568882,?), ref: 0056BCAE
Similarity
• API ID: DeleteFile$_wcslen
• String ID:
• API String ID: 2643169976-0
• Opcode ID: afd11b35c5b678691526fdee7a9eea6a3549ae7a39fbc1c10a90a2439600cf4f
• Instruction ID: 2d53f4660c9ffac3e655d70da45d953901dc83cf22448a1855f8658388e0ee1a
• Opcode Fuzzy Hash: afd11b35c5b678691526fdee7a9eea6a3549ae7a39fbc1c10a90a2439600cf4f
• Instruction Fuzzy Hash: 78F0543560121A9BE700EF649D46EDE77ACAF19701F444066FA01E3141DF71EE8D9BA4
Uniqueness

Uniqueness Score: -1.00%

APIs
• _swprintf.LIBCMT ref: 00580341
  • Part of subcall function 00564C00: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00564C13
• SetDlgItemTextW.USER32(00000065,?), ref: 00580358
  • Part of subcall function 0057D864: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0057D875
  • Part of subcall function 0057D864: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0057D886
  • Part of subcall function 0057D864: IsDialogMessageW.USER32(00010458,?), ref: 0057D89A
  • Part of subcall function 0057D864: TranslateMessage.USER32(?), ref: 0057D8A8
  • Part of subcall function 0057D864: DispatchMessageW.USER32(?), ref: 0057D8B2
Similarity
• API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
• String ID:
• API String ID: 2718869927-0
• Opcode ID: a9befe64af9391420c204f2cca1103b6ea705411760751ea90e9f48d17cb5a1a
• Instruction ID: 94e0751d595af04c5771d71f1038c3cec1d79f473c851d653ec359f658905bf9
• Opcode Fuzzy Hash: a9befe64af9391420c204f2cca1103b6ea705411760751ea90e9f48d17cb5a1a
• Instruction Fuzzy Hash: 6BF0B47151020CABDB01FF69EC0EEEF7FACAF4E305F040052B605A3192DA349A059F65
Uniqueness

Uniqueness Score: -1.00%


                                                                                                APIs
                                                                                                • GetFileAttributesW.KERNELBASE(?,?,?,?,0056BCD4,?,00568607,?), ref: 0056BCFA
                                                                                                  • Part of subcall function 0056DA1E: _wcslen.LIBCMT ref: 0056DA59
                                                                                                • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,?,?,0056BCD4,?,00568607,?), ref: 0056BD24
Similarity
• API ID: AttributesFile$_wcslen
• String ID:
• API String ID: 2673547680-0
• Opcode ID: 026b422de1863b9c51d140f5e35f6a73bd284d3ca1802699dd10a4f01cd1597b
• Instruction ID: 1f88673a6912d55eb5422f8e7d6dfbe3c8b8f8c3f973b0124bb3ab68ee860a41
• Opcode Fuzzy Hash: 026b422de1863b9c51d140f5e35f6a73bd284d3ca1802699dd10a4f01cd1597b
• Instruction Fuzzy Hash: 6DF0B4316002185BCB10EB789D49AEEBBBCFB4D760F010165FA01E7280DB709E499B94
Uniqueness

Uniqueness Score: -1.00%


                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32(?,?,00000002,00000002,?,005731C7,0056D526), ref: 00573191
                                                                                                • GetProcessAffinityMask.KERNEL32(00000000,?,005731C7), ref: 00573198
Similarity
• API ID: Process$AffinityCurrentMask
• String ID:
• API String ID: 1231390398-0
• Opcode ID: ebfd296402662950fec02bf0af5868064258151c8ad25ff1e8e4dfc9100275d6
• Instruction ID: e7cb68b748da8354413e97f47048fdaf2ad8c20693b3b9bc1d30e1790213289f
• Opcode Fuzzy Hash: ebfd296402662950fec02bf0af5868064258151c8ad25ff1e8e4dfc9100275d6
• Instruction Fuzzy Hash: 82E0D872B00105679F0987A4AC198EB77DDFA54264310807AA507D3200FA34DE09F6A0
Uniqueness

Uniqueness Score: -1.00%


                                                                                                APIs
                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 005728D4
                                                                                                • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00571309,Crypt32.dll,00000000,00571383,00000200,?,00571366,00000000,00000000,?), ref: 005728F4
Similarity
• API ID: DirectoryLibraryLoadSystem
• String ID:
• API String ID: 1175261203-0
• Opcode ID: d155d144a23349e581b9f206fc1b8f2f212e0fbd872bbf7d2503294c293c7ba1
• Instruction ID: 974d5da13b8cf4287bf8dccaba1f40c701d5ed1d44d42ed690018e331bc2f0f5
• Opcode Fuzzy Hash: d155d144a23349e581b9f206fc1b8f2f212e0fbd872bbf7d2503294c293c7ba1
• Instruction Fuzzy Hash: 61F0B475A00209ABCB00EB64DC4DDDFB7BCEF89701F000466B605E3100CA74EA499B64
Uniqueness

Uniqueness Score: -1.00%


                                                                                                APIs
                                                                                                • GdiplusShutdown.GDIPLUS(?,?,?,?,0059505D,000000FF), ref: 0057CD7D
                                                                                                • OleUninitialize.OLE32(?,?,?,?,0059505D,000000FF), ref: 0057CD82
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: GdiplusShutdownUninitialize
                                                                                                • String ID:
                                                                                                • API String ID: 3856339756-0

                                                                                                APIs
                                                                                                • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0057C36E
                                                                                                • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 0057C375
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: BitmapCreateFromGdipStream
                                                                                                • String ID:
                                                                                                • API String ID: 1918208029-0

                                                                                                APIs
                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 005851CA
                                                                                                • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 005851D5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                                • String ID:
                                                                                                • API String ID: 1660781231-0

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ItemShowWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3351165006-0

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: H_prolog3
                                                                                                • String ID:
                                                                                                • API String ID: 431132790-0

                                                                                                APIs
                                                                                                • __EH_prolog3.LIBCMT ref: 00561483
                                                                                                  • Part of subcall function 00566AE8: __EH_prolog3.LIBCMT ref: 00566AEF
                                                                                                  • Part of subcall function 0056EE0F: __EH_prolog3.LIBCMT ref: 0056EE16
                                                                                                  • Part of subcall function 0056668F: __EH_prolog3.LIBCMT ref: 00566696
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: H_prolog3
                                                                                                • String ID:
                                                                                                • API String ID: 431132790-0

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: H_prolog3
                                                                                                • String ID:
                                                                                                • API String ID: 431132790-0

                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 0058D348
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: AddressProc
                                                                                                • String ID:
                                                                                                • API String ID: 190572456-0

                                                                                                APIs
                                                                                                  • Part of subcall function 0058D786: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0058B9D3,00000001,00000364,?,0058688D,?,?,005A50C4), ref: 0058D7C7
                                                                                                • _free.LIBCMT ref: 0058EB35
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap_free
                                                                                                • String ID:
                                                                                                • API String ID: 614378929-0

APIs
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: H_prolog3
• String ID:
• API String ID: 431132790-0
• Opcode ID: 5d25f93540c246e659c1c170b229adfc9362d70b1773096a552146bdb66f1e94
• Instruction ID: 326486b47bfd293fe5b9ec5d93efba04e904d031d087e47081e8647800ef13f7
• Opcode Fuzzy Hash: 5d25f93540c246e659c1c170b229adfc9362d70b1773096a552146bdb66f1e94
• Instruction Fuzzy Hash: E701C43AD0062A9BCF21EE64C896DBEBB72BF84700B014519FD02B7252CB308C018BA1
Uniqueness
• Uniqueness Score: -1.00%

APIs
• RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0058B9D3,00000001,00000364,?,0058688D,?,?,005A50C4), ref: 0058D7C7
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 37dc854083b1c8b56b8ecd2ce9aa7e4a24d935378d83672b6c0edb0f42a67503
• Instruction ID: e93d7a442767eb0483adc78ce5561a3ce20252497ca29e7104ddc43100e21686
• Opcode Fuzzy Hash: 37dc854083b1c8b56b8ecd2ce9aa7e4a24d935378d83672b6c0edb0f42a67503
• Instruction Fuzzy Hash: A9F0B432200621A6FB217B629C45B6B7FE9FF807A0F144012EC09F65DACA20DC0083F1
Uniqueness
• Uniqueness Score: -1.00%

APIs
• __EH_prolog3.LIBCMT ref: 00566696
  • Part of subcall function 005711A5: __EH_prolog3.LIBCMT ref: 005711AC
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: H_prolog3
• String ID:
• API String ID: 431132790-0
• Opcode ID: d5990222bcc5b2a55329d3ff01f64d066a21da1d6ea7d865fc2a40e054ade416
• Instruction ID: 8e3061790c6b4984c9ec37f1a47c43ba629c76392cd6ed567933f7fb4e582008
• Opcode Fuzzy Hash: d5990222bcc5b2a55329d3ff01f64d066a21da1d6ea7d865fc2a40e054ade416
• Instruction Fuzzy Hash: 7E017C70805745CAD714FBB8915A6DDFFE4BFA0300F10444EA46E53292CFB42B04D722
Uniqueness
• Uniqueness Score: -1.00%

APIs
• RtlAllocateHeap.NTDLL(00000000,?,?,?,00586A24,?,0000015D,?,?,?,?,00587F00,000000FF,00000000,?,?), ref: 0058BCC0
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: b3da0a66d084a7c09be86ec89da696f4d99ceb6f12bb4c526cae3476033bcb89
• Instruction ID: f102f2fc23103fea0e3297a973e0db1b8b4a7ba5ddff36ed3150a2ca344ce801
• Opcode Fuzzy Hash: b3da0a66d084a7c09be86ec89da696f4d99ceb6f12bb4c526cae3476033bcb89
• Instruction Fuzzy Hash: 2AE06D3520062396FB3137659C15B6B3E9CFFA13A0F190122EC06B61A2CF65CC0583E5
Uniqueness
• Uniqueness Score: -1.00%

APIs
• FindCloseChangeNotification.KERNELBASE(?,?,?,0056AF75,6033248F,00000000,0059517A,000000FF,?,00568882,?,?), ref: 0056AFEB
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: dd0b0dd94a2d870c4399dc5538495a67618f90751b52ed1f2b51e2996a740ccb
• Instruction ID: bb99fa279859f62b997906db76a7e0c0c7acaa50648c24d42ed36bf3e81c364d
• Opcode Fuzzy Hash: dd0b0dd94a2d870c4399dc5538495a67618f90751b52ed1f2b51e2996a740ccb
• Instruction Fuzzy Hash: 81F0BE70082B468EEB308A20C44C792BBE4BB12325F041B1EC0E3439E0D360A9CD9A42
Uniqueness
• Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0056C4A8: FindFirstFileW.KERNELBASE(?,?,00000000,?,?,?,0056C39F,000000FF,?,?,?,?,005687BC,?,?,00000000), ref: 0056C4E6
  • Part of subcall function 0056C4A8: FindFirstFileW.KERNEL32(?,00000000,?,?,00000800,?,?,0056C39F,000000FF,?,?,?,?,005687BC,?,?), ref: 0056C516
  • Part of subcall function 0056C4A8: GetLastError.KERNEL32(?,?,00000800,?,?,0056C39F,000000FF,?,?,?,?,005687BC,?,?,00000000,0000003A), ref: 0056C522
• FindClose.KERNELBASE(00000000,000000FF,?,?,?,?,005687BC,?,?,00000000,0000003A,?,0000003A,00000802), ref: 0056C3A5
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: Find$FileFirst$CloseErrorLast
• String ID:
• API String ID: 1464966427-0
• Opcode ID: e1283396ac58ea9456967357342425a77422ecad4deefcf07c195d5d9e34b4f1
• Instruction ID: f9d447a44f8cae680a82b9bf3ce205bfcb24e9b9631d6aa9efa9b7c21c6bb3b6
• Opcode Fuzzy Hash: e1283396ac58ea9456967357342425a77422ecad4deefcf07c195d5d9e34b4f1
• Instruction Fuzzy Hash: 66F08235008791AADA225BB498097D67FA07F66332F00CE4AF1FD53292C6B56498DB32
Uniqueness
• Uniqueness Score: -1.00%

APIs
• SetThreadExecutionState.KERNEL32(00000001), ref: 00572F19
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: ExecutionStateThread
• String ID:
• API String ID: 2211380416-0
• Opcode ID: e9136fbd11b13f6bf0a14193873f1ec20cb05f27e4a21bc66a64cf68856d5cc4
• Instruction ID: 633146322ef29fe9f348d9795b8fcaa9b1c4019f98c4b5b6dba4c9b025811262
• Opcode Fuzzy Hash: e9136fbd11b13f6bf0a14193873f1ec20cb05f27e4a21bc66a64cf68856d5cc4
• Instruction Fuzzy Hash: 89D0C20168815215D6223325780EBBD1E4A7FC6321F084066B00C671939B4A0C4AB2A2
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GdipAlloc.GDIPLUS(00000010), ref: 0057C5BC
  • Part of subcall function 0057C34D: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0057C36E
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: Gdip$AllocBitmapCreateFromStream
• String ID:
• API String ID: 1915507550-0
• Opcode ID: bb184948fac70443b701d804218a49dfe2ebbc7c187f1a67eea2f7faab0ba8dc
• Instruction ID: 77587cf34faa2c427671f9213705c04c0ac0d99fdebad6e7ef46e5d641aa09d4
• Opcode Fuzzy Hash: bb184948fac70443b701d804218a49dfe2ebbc7c187f1a67eea2f7faab0ba8dc
• Instruction Fuzzy Hash: 08D0C730654209B7DF416B65DC0697E7ED9FB40340F00C4697D45D5151EEB2DA507A51
Uniqueness
• Uniqueness Score: -1.00%
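
Every function entry in this listing shares one layout (APIs, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity, Uniqueness), and the Opcode ID and Instruction Fuzzy Hash values are what an analyst pivots on when looking for the same routine in other reports. The parser below is an added example, not code from this Joe Sandbox report or from Joe Security; the field names are the report's own, while the function names, the record layout and the SAMPLE text (constructed from two of the entries above, with the per-dump Associated list cut to one line) are this example's assumptions.

```python
"""Parse the per-function entries of a Joe Sandbox function listing into records."""
import re
from collections import Counter

# Constructed input: two entries copied in the report layout used above,
# with the "Associated" list shortened to one line to keep the sample short.
SAMPLE = """\
APIs
• RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0058B9D3,00000001,00000364,?,0058688D,?,?,005A50C4), ref: 0058D7C7
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 37dc854083b1c8b56b8ecd2ce9aa7e4a24d935378d83672b6c0edb0f42a67503
• Instruction ID: e93d7a442767eb0483adc78ce5561a3ce20252497ca29e7104ddc43100e21686
• Opcode Fuzzy Hash: 37dc854083b1c8b56b8ecd2ce9aa7e4a24d935378d83672b6c0edb0f42a67503
• Instruction Fuzzy Hash: A9F0B432200621A6FB217B629C45B6B7FE9FF807A0F144012EC09F65DACA20DC0083F1
Uniqueness
• Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0056C4A8: FindFirstFileW.KERNELBASE(?,?,00000000,?,?,?,0056C39F,000000FF,?,?,?,?,005687BC,?,?,00000000), ref: 0056C4E6
  • Part of subcall function 0056C4A8: GetLastError.KERNEL32(?,?,00000800,?,?,0056C39F,000000FF,?,?,?,?,005687BC,?,?,00000000,0000003A), ref: 0056C522
• FindClose.KERNELBASE(00000000,000000FF,?,?,?,?,005687BC,?,?,00000000,0000003A,?,0000003A,00000802), ref: 0056C3A5
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
Similarity
• API ID: Find$FileFirst$CloseErrorLast
• API String ID: 1464966427-0
• Opcode ID: e1283396ac58ea9456967357342425a77422ecad4deefcf07c195d5d9e34b4f1
• Instruction Fuzzy Hash: 66F08235008791AADA225BB498097D67FA07F66332F00CE4AF1FD53292C6B56498DB32
Uniqueness
• Uniqueness Score: -1.00%
"""

# Section headers the report uses; an "APIs" header opens a new function entry.
HEADERS = {"APIs", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity", "Uniqueness"}

# "Name.Module(args), ref: ADDR", optionally prefixed by "Part of subcall function ADDR: ".
# The argument list is optional because CRT helpers such as __EH_prolog3 are listed without one.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-F]{8}): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\),)? ref: (?P<ref>[0-9A-F]{8})$"
)


def parse_entries(text):
    """Return one dict per function entry, keyed by the report's own field names."""
    entries, entry, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in HEADERS:
            if line == "APIs":
                entry = {"apis": [], "associated": []}
                entries.append(entry)
            section = line
            continue
        if entry is None or not line.startswith("•"):
            continue
        body = line[1:].strip()
        if section == "APIs":
            m = API_RE.match(body)
            if m:
                entry["apis"].append({
                    "name": m["name"], "module": m["module"], "ref": m["ref"],
                    "args": m["args"].split(",") if m["args"] is not None else [],
                    "subcall_of": m["parent"],  # None when the function itself makes the call
                })
            continue
        key, _, value = body.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Associated":
            entry["associated"].append(value)
        elif key == "Source File":
            # One bullet carries three facts: "<dump>, Offset: <addr>, based on PE: <bool>"
            parts = [p.strip() for p in value.split(",")]
            entry["source_file"] = parts[0]
            for part in parts[1:]:
                k, _, v = part.partition(":")
                entry[k.strip().lower().replace(" ", "_")] = v.strip()
        else:
            entry[key.lower().replace(" ", "_")] = value
    return entries


def api_histogram(entries):
    """Count which Windows APIs the listed functions reach, directly or through subcalls."""
    return Counter(call["name"] for e in entries for call in e["apis"])


def functions_calling(entries, api_name):
    """Opcode IDs of every entry that reaches api_name: the value to pivot on across reports."""
    return [e.get("opcode_id") for e in entries
            if any(call["name"] == api_name for call in e["apis"])]
```

Subcall lines are kept in the same list as the function's own calls but carry the parent address in subcall_of, so a histogram over all entries counts what a routine reaches, not only what it calls directly. Opcode ID and Opcode Fuzzy Hash are identical in every entry above; the parser stores both rather than collapsing them, so the equality stays checkable per record.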

                                                                                                APIs
                                                                                                • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 005801A4
                                                                                                  • Part of subcall function 0057D864: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0057D875
                                                                                                  • Part of subcall function 0057D864: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0057D886
                                                                                                  • Part of subcall function 0057D864: IsDialogMessageW.USER32(00010458,?), ref: 0057D89A
                                                                                                  • Part of subcall function 0057D864: TranslateMessage.USER32(?), ref: 0057D8A8
                                                                                                  • Part of subcall function 0057D864: DispatchMessageW.USER32(?), ref: 0057D8B2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                                • String ID:
                                                                                                • API String ID: 897784432-0
                                                                                                • Opcode ID: 0c47bf293a9062ca8885649ce2aae2d135a0a989f8610962095feb39a8adda19
                                                                                                • Instruction ID: 5a9dc6f05dcff12a2f09b1f052d2bd6569450ac40b4034ddf9bbd9410c806ee5
                                                                                                • Opcode Fuzzy Hash: 0c47bf293a9062ca8885649ce2aae2d135a0a989f8610962095feb39a8adda19
                                                                                                • Instruction Fuzzy Hash: 48D09E35148300AADB012B52DD0AF1A7EB2BB9DB05F404554B288340F286629D25BF16
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • DloadProtectSection.DELAYIMP ref: 00580AC0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: DloadProtectSection
                                                                                                • String ID:
                                                                                                • API String ID: 2203082970-0
                                                                                                • Opcode ID: 6ee1cc8cd5d22a72efdbf87de17fcfe0540de8a4c64f223cc5903dbaae1f387f
                                                                                                • Instruction ID: bc5e4142032948fda2309eabad85e1782606aa685139128281dba6d99cbc7fa8
                                                                                                • Opcode Fuzzy Hash: 6ee1cc8cd5d22a72efdbf87de17fcfe0540de8a4c64f223cc5903dbaae1f387f
                                                                                                • Instruction Fuzzy Hash: 9CD0A930102B048DD284BBA08C8EB242A90B328308BC82404BC06B60D0E7A0ADCCA705
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetFileType.KERNELBASE(000000FF,0056B18A,?,?,?,00000000,0056B662,?,?,00000000,?,?), ref: 0056B294
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileType
                                                                                                • String ID:
                                                                                                • API String ID: 3081899298-0
                                                                                                • Opcode ID: f9488600538d114b031959a7e1f6f784cf9ae1a9b5f24e82e93de89aeb5ce525
                                                                                                • Instruction ID: c4c29d71aba462ac247debe2a400f925370252779aaf48d48c971732016f105a
                                                                                                • Opcode Fuzzy Hash: f9488600538d114b031959a7e1f6f784cf9ae1a9b5f24e82e93de89aeb5ce525
                                                                                                • Instruction Fuzzy Hash: D2C01238400104969E709A2898A949C7BA2FE623A67B48294C028CA0A2C7238CCBFA00
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: e7ec3a61d937cf5ada3294832500fb283f0376becdd23f5347626bb487a94399
                                                                                                • Instruction ID: 2bc4c951abae77f0e0a4c4bde2c06bea14df3c8f9ad3baebfad3b1ff1eaf9aa0
                                                                                                • Opcode Fuzzy Hash: e7ec3a61d937cf5ada3294832500fb283f0376becdd23f5347626bb487a94399
                                                                                                • Instruction Fuzzy Hash: F0B0128535D007BE315431855C07C3F0D0CF0C0B10332993EF804E00C0B4401C484231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: 0da49aa09a4be72297b9370305f876f19c05ac0fe160ec3ce3013655581d3ddf
                                                                                                • Instruction ID: 0c1217013c4a69cc76bcfb40503afa9d41599c68d84504db23b9cc47f2834bd4
                                                                                                • Opcode Fuzzy Hash: 0da49aa09a4be72297b9370305f876f19c05ac0fe160ec3ce3013655581d3ddf
                                                                                                • Instruction Fuzzy Hash: DCB09285259142AD32C8618A5C06D3E0948F0C4B10321992AF808D0180A44018884231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: b049f1e0d93a2b995450df94b8a86fdb6c7651dc2e4a1f6c2596e0e9e5fc691e
                                                                                                • Instruction ID: 51cf5538f109b31fd5a88d8a1d8f0658a761a9c3028cb800857a8778b23ae78d
                                                                                                • Opcode Fuzzy Hash: b049f1e0d93a2b995450df94b8a86fdb6c7651dc2e4a1f6c2596e0e9e5fc691e
                                                                                                • Instruction Fuzzy Hash: D2B09285259003AD318865895C06D3E0948F0C4B10321D82AF808D0180A44018484231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: 017cd6efe2f97f0f0fea7ba7cb16285c1d84aecf87240ddaf779383ec174a017
                                                                                                • Instruction ID: e3d7bd057e072a44c2a60b919ebb9407a6c49951f70c41c7843c3fdb5f7a97db
                                                                                                • Opcode Fuzzy Hash: 017cd6efe2f97f0f0fea7ba7cb16285c1d84aecf87240ddaf779383ec174a017
                                                                                                • Instruction Fuzzy Hash: B8B012C935D107AD318471899C07D3F0D4CF0C4B10331983EF808D01C0F4401C484331
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: 8c52c2a4fff9438302e82ffe07c345086470835e7938a3ba85466887bdb4aba0
                                                                                                • Instruction ID: bd24ed173fb0fda82d391841997eae01ec477824a004c44a355d83040b08d293
                                                                                                • Opcode Fuzzy Hash: 8c52c2a4fff9438302e82ffe07c345086470835e7938a3ba85466887bdb4aba0
                                                                                                • Instruction Fuzzy Hash: 46B09296259002AD318461895C06D3E0948F0C4B10321A82AF808D0080A44018484231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: 10f83e7c02c34c547671c371f78301e690f1c0476240f565465e65e79a0e9bb6
                                                                                                • Instruction ID: c50eef7f12f71cdfe477c5cdcd74e68e74c5106c4d8c689193451fb196ef1d22
                                                                                                • Opcode Fuzzy Hash: 10f83e7c02c34c547671c371f78301e690f1c0476240f565465e65e79a0e9bb6
                                                                                                • Instruction Fuzzy Hash: 1DB09285259002AD318861995C06D3E0948F0C4B10321982AF809D0180A44018484231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 1192692c605eaba54644a5c396a33a8b0fa6430f76021d0328c020a18b4a082f
• Instruction ID: 3de1478b2232cce7189661e8808f27e1ab1b34e82a8752819b5b50cf9ccf09c0
• Opcode Fuzzy Hash: 1192692c605eaba54644a5c396a33a8b0fa6430f76021d0328c020a18b4a082f
• Instruction Fuzzy Hash: 55B09285259002AD3188618A5D06D3E0948F0C4B10321982AF818D0180A440184D5231
Uniqueness
Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 5439e3535ec14fbfcc8103011a2cf66c8707f45afd92b62b386a675592a55f06
• Instruction ID: b5adaee57b1705ecee8924096f6b8b6facba1b969f771923bdc4622a83fb8cdd
• Opcode Fuzzy Hash: 5439e3535ec14fbfcc8103011a2cf66c8707f45afd92b62b386a675592a55f06
• Instruction Fuzzy Hash: 06B0129535D403AD3184718A9D07D3F0D6CF0C4B103319A7EFC18D00C0F4401C494331
Uniqueness
Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 7ba1e8d881b570f63546d1c45a86a47aa6cf622eed6fbd4f0957f4e74318ce58
• Instruction ID: 19072fc416c8ec10bddd0fd0820619acc9e079d65a588f5c40f9368b04852d65
• Opcode Fuzzy Hash: 7ba1e8d881b570f63546d1c45a86a47aa6cf622eed6fbd4f0957f4e74318ce58
• Instruction Fuzzy Hash: AEB0128935D203AD36C4718A9C07D3F0D5CF0C4B10331993EF808D01C0F4401C888331
Uniqueness
Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 635f1f3a446f91f0a190e204cfd8471f97c558f94ad1e336fb81dd02aefdfc16
• Instruction ID: cf9532355a436f810baf60c64f3187a21164c9eea7ceb7de7c4a7b6fc7a8826f
• Opcode Fuzzy Hash: 635f1f3a446f91f0a190e204cfd8471f97c558f94ad1e336fb81dd02aefdfc16
• Instruction Fuzzy Hash: 6FB09289259102AD318461899C06D3F0948F0C4B10321982AF808D0180A4402C484231
Uniqueness
Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 50fb01e25900081cbf3b7a87e411154bc0155f15abc5a3ceda12411a2a932240
• Instruction ID: 3b30c5e896dadc5faeec249a8471bc15aaac814e8eee5d18919e9fe6ecddc663
• Opcode Fuzzy Hash: 50fb01e25900081cbf3b7a87e411154bc0155f15abc5a3ceda12411a2a932240
• Instruction Fuzzy Hash: 03B0129536D103AD318471899C07D3F0D6CF0C4B10331993FF808D00C0F4401C484331
Uniqueness
Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 4f5f94ee7f272fb82c894d6480c5a5d778a7966595eb6acc9586cc38dda8cde1
• Instruction ID: 923de5c22eac4c90609663957dda5f4229e1b7a1eb448f34295552cabe3b0736
• Opcode Fuzzy Hash: 4f5f94ee7f272fb82c894d6480c5a5d778a7966595eb6acc9586cc38dda8cde1
• Instruction Fuzzy Hash: 2EB09295259002AD3184618A5D06D3E0988F0C4B10321982AF818D0080A4401C494231
Uniqueness
Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: cafd4d7994d93805dca5d7e0c0f919fe4d2dd181c7dab50d37eba9bae448f923
• Instruction ID: d87a029f68c3929d39dbb458f48d02d1faae03700e74714fa0059782f3cf721a
• Opcode Fuzzy Hash: cafd4d7994d93805dca5d7e0c0f919fe4d2dd181c7dab50d37eba9bae448f923
• Instruction Fuzzy Hash: BAB0129535D003AD3184718A5C07D3F0D4CF0C4B10331A83EF808D00C0F4401C484331
Uniqueness
Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 73abcd8f3ac59be7ab5166985aed4ca3dd74899f32bb185a81c32993e595348b
• Instruction ID: 2a0fbaf37f83c7ac31650bc002e5b5e14113cc9bcbce1803ff3eeffaae3ab496
• Opcode Fuzzy Hash: 73abcd8f3ac59be7ab5166985aed4ca3dd74899f32bb185a81c32993e595348b
• Instruction Fuzzy Hash: 3AB0129535D003AD3184718A5D07D3F0D4CF0C4B10331A83EFC18D00C0F4401D494331
Uniqueness
Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: d77fa88f4aa8937d8267a8db070bcae2574f2c8e055996f4dd6b53513c42499e
• Instruction ID: 2c18c9da78f7c9f04ffca1072a0326efc977b1925c5a3036ec0b057e4e46136b
• Opcode Fuzzy Hash: d77fa88f4aa8937d8267a8db070bcae2574f2c8e055996f4dd6b53513c42499e
• Instruction Fuzzy Hash: 2BB0129535E103AD32C4728A5C07D3F0D4CF0C4B10331A93EF808D00C0F4405C884331
Uniqueness
• Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 005808A7
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 5c71c0e6b5ee82bb97d94cc33f65561862a779c5fb54bf9301ef1b300cdf4b1d
• Instruction ID: efc3039afba7796f46c591eb11ebd875daa7ffb853eae5dab60515a75fd47146
• Opcode Fuzzy Hash: 5c71c0e6b5ee82bb97d94cc33f65561862a779c5fb54bf9301ef1b300cdf4b1d
• Instruction Fuzzy Hash: 09B012C239D105AC358871895C0AE3A1E4CF0C4B11330982EFC08E01C1E4401C880B31
Uniqueness
• Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 005808A7
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 69eaffa4ff97a07391c3414aad89c7ad0fd41c36a22085526a23bc3cb4708bb8
• Instruction ID: 07badf13de1d76084287ab9e544ad8245413878396f56ab631992e7fad16bbd7
• Opcode Fuzzy Hash: 69eaffa4ff97a07391c3414aad89c7ad0fd41c36a22085526a23bc3cb4708bb8
• Instruction Fuzzy Hash: A1B0128235D201AC3A88718A5C0AD3A1E5CF0C4B11330992EFC08E01C1E4401CCC4B31
Uniqueness
• Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 005808A7
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 44d27b64efbaa46748f888996f7cff1a40668b6abfd0e344b2cad36448061b01
• Instruction ID: 7571c2ec5b98e70c2b3558704a2a075488a10a9cee5df1c733d946aeac420629
• Opcode Fuzzy Hash: 44d27b64efbaa46748f888996f7cff1a40668b6abfd0e344b2cad36448061b01
• Instruction Fuzzy Hash: 84B0128236D001AC358871889C0EE3A1E5CF0C4B113309A2FF808E00C1E4401C880B31
Uniqueness
• Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 005809FC
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 4f49100c80da7bbfbe4332031c1b6fa89c3286a2d4841b3a95cc110553333cb1
• Instruction ID: a104d3c81683b066d9ae3fa7da976f165a52add35a1c86ca25336e50f7e7ad9d
• Opcode Fuzzy Hash: 4f49100c80da7bbfbe4332031c1b6fa89c3286a2d4841b3a95cc110553333cb1
• Instruction Fuzzy Hash: E8B012C739E002BC35443188EE0AC360E0CF8C0B28330D93EF810F00C2A8511C090731
Uniqueness
• Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00580A5D
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 0ae83b4f5a6c4635738ad2285e6d189018e672b746b3212a7619f9eae67499f5
• Instruction ID: 71c76f0728704a37becb672609f2a9808151ed0007bc40f8436ce08e33b4dd34
• Opcode Fuzzy Hash: 0ae83b4f5a6c4635738ad2285e6d189018e672b746b3212a7619f9eae67499f5
• Instruction Fuzzy Hash: 51B0929129A101AC328861D99D16D360A88F0C4B10320A82AF804D0080A882180A4231
Uniqueness
• Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 005809FC
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: b8498ab3d84e6cbf8668f1d08e9f22d320f74e91d2427681b89a2377adc412b9
• Instruction ID: 9ac9c2ceebfb3bbcce74705e9da4c38b3b675f8f6442aa400b3d137a793d3417
• Opcode Fuzzy Hash: b8498ab3d84e6cbf8668f1d08e9f22d320f74e91d2427681b89a2377adc412b9
• Instruction Fuzzy Hash: C9B012C239D001AC35847198EE0AD370E4CF0C4B10330D93EF804F10C1E4411C0D0731
Uniqueness
• Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 005809FC
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 7f21c296e911ed7ee5942d4c403623fe62daf8fce03faaa169dc1069842072b8
• Instruction ID: 860b7aca179a95e2c866f4c570ac621b1a8e0a4cf06fd0a943a3477011546e37
• Opcode Fuzzy Hash: 7f21c296e911ed7ee5942d4c403623fe62daf8fce03faaa169dc1069842072b8
• Instruction Fuzzy Hash: D6B012C239D101AC36847199ED0AD360E4CF0C4B103309A3EF804F11C1E4411C4C0731
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 005809FC
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: 56dc6819f128eb2b7db9406a2f5446ef6697d4e28a4c4995604309a781a1d689
                                                                                                • Instruction ID: 9a3395d13b1d1f4a85fb210b39a2876400b42fa1548c5aacaba569dfebcb43aa
                                                                                                • Opcode Fuzzy Hash: 56dc6819f128eb2b7db9406a2f5446ef6697d4e28a4c4995604309a781a1d689
                                                                                                • Instruction Fuzzy Hash: D5B09282399001AC35846188ED0AD360A58F0C4B10320992AF804E2081E44018080731
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00580A5D
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: a3b85b5ad464f421150239071958cb3fb83c5782d714296d7516fb910ed004a4
                                                                                                • Instruction ID: f95cc1876480ef6dc65258da385d660ff44047f16af869b22c892be822e0871a
                                                                                                • Opcode Fuzzy Hash: a3b85b5ad464f421150239071958cb3fb83c5782d714296d7516fb910ed004a4
                                                                                                • Instruction Fuzzy Hash: 07B0929129A101AC328865D89C16D360A88F0C4B10321A82AF804D1080A88118094231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00580A5D
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: 4bd9bbbe1ccc387c1bdb6464fcbbf037fb1fa1df93ab29e000312a6c26fc9dc0
                                                                                                • Instruction ID: 4f9476084ee5aecd5e8edb3ee4055c72c0567729fb251e93889241224dbc280e
                                                                                                • Opcode Fuzzy Hash: 4bd9bbbe1ccc387c1bdb6464fcbbf037fb1fa1df93ab29e000312a6c26fc9dc0
                                                                                                • Instruction Fuzzy Hash: 0AB012D13AE201FC33C871D9DC16D360E8CF0C4B10331A92EF804D00C0E8811C494331
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: 7049ede4a35df810c919eb831ea4c704d187c1b1849646b98f7c09ed733fcfd2
                                                                                                • Instruction ID: a957d871f9a013df02f0d2dd04eec421b2053a13096aae9199008731de2dd46f
                                                                                                • Opcode Fuzzy Hash: 7049ede4a35df810c919eb831ea4c704d187c1b1849646b98f7c09ed733fcfd2
                                                                                                • Instruction Fuzzy Hash: 20A0019A2AA543BD35997296AD1BC3F0A1CF4C4B65332AD2AF81AE40D1B88428995231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: fccac6f66cd38c3a0badb786fc40307049e1aca7cf1173b743baba8c852b16aa
                                                                                                • Instruction ID: a957d871f9a013df02f0d2dd04eec421b2053a13096aae9199008731de2dd46f
                                                                                                • Opcode Fuzzy Hash: fccac6f66cd38c3a0badb786fc40307049e1aca7cf1173b743baba8c852b16aa
                                                                                                • Instruction Fuzzy Hash: 20A0019A2AA543BD35997296AD1BC3F0A1CF4C4B65332AD2AF81AE40D1B88428995231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: bc853ad55e1094b703a944e4874b13691a10ccc568eab1278acc09230d0e12d2
                                                                                                • Instruction ID: a957d871f9a013df02f0d2dd04eec421b2053a13096aae9199008731de2dd46f
                                                                                                • Opcode Fuzzy Hash: bc853ad55e1094b703a944e4874b13691a10ccc568eab1278acc09230d0e12d2
                                                                                                • Instruction Fuzzy Hash: 20A0019A2AA543BD35997296AD1BC3F0A1CF4C4B65332AD2AF81AE40D1B88428995231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: 4edb97087785d3c8c12bad2eec240af55a0601510db4e5b6b770cc4cdee2aacd
                                                                                                • Instruction ID: a957d871f9a013df02f0d2dd04eec421b2053a13096aae9199008731de2dd46f
                                                                                                • Opcode Fuzzy Hash: 4edb97087785d3c8c12bad2eec240af55a0601510db4e5b6b770cc4cdee2aacd
                                                                                                • Instruction Fuzzy Hash: 20A0019A2AA543BD35997296AD1BC3F0A1CF4C4B65332AD2AF81AE40D1B88428995231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: 070d3217e5eb11cad7744a95bd06ee42401c34528c0bc2a6637edf847af4fa2f
                                                                                                • Instruction ID: a957d871f9a013df02f0d2dd04eec421b2053a13096aae9199008731de2dd46f
                                                                                                • Opcode Fuzzy Hash: 070d3217e5eb11cad7744a95bd06ee42401c34528c0bc2a6637edf847af4fa2f
                                                                                                • Instruction Fuzzy Hash: 20A0019A2AA543BD35997296AD1BC3F0A1CF4C4B65332AD2AF81AE40D1B88428995231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: c6b7c80e08a4cffa8ed88af8b82aae0e568f4d5de999382ca9b047fe8fc903b3
                                                                                                • Instruction ID: a957d871f9a013df02f0d2dd04eec421b2053a13096aae9199008731de2dd46f
                                                                                                • Opcode Fuzzy Hash: c6b7c80e08a4cffa8ed88af8b82aae0e568f4d5de999382ca9b047fe8fc903b3
                                                                                                • Instruction Fuzzy Hash: 20A0019A2AA543BD35997296AD1BC3F0A1CF4C4B65332AD2AF81AE40D1B88428995231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: 4a986b08399da5741ea068f95bf46ce0606211d8363031e44a9ab25afc74cfa3
                                                                                                • Instruction ID: a957d871f9a013df02f0d2dd04eec421b2053a13096aae9199008731de2dd46f
                                                                                                • Opcode Fuzzy Hash: 4a986b08399da5741ea068f95bf46ce0606211d8363031e44a9ab25afc74cfa3
                                                                                                • Instruction Fuzzy Hash: 20A0019A2AA543BD35997296AD1BC3F0A1CF4C4B65332AD2AF81AE40D1B88428995231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: 180b85b1182dc62934e1bcb46e5dd3294e3f395ab796a2a6ec85b3b4b4f4867f
                                                                                                • Instruction ID: a957d871f9a013df02f0d2dd04eec421b2053a13096aae9199008731de2dd46f
                                                                                                • Opcode Fuzzy Hash: 180b85b1182dc62934e1bcb46e5dd3294e3f395ab796a2a6ec85b3b4b4f4867f
                                                                                                • Instruction Fuzzy Hash: 20A0019A2AA543BD35997296AD1BC3F0A1CF4C4B65332AD2AF81AE40D1B88428995231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: 7a6a57d35d26a291403960ead3f427e93b76e41e7fd509a6d9610f61c389e863
                                                                                                • Instruction ID: a957d871f9a013df02f0d2dd04eec421b2053a13096aae9199008731de2dd46f
                                                                                                • Opcode Fuzzy Hash: 7a6a57d35d26a291403960ead3f427e93b76e41e7fd509a6d9610f61c389e863
                                                                                                • Instruction Fuzzy Hash: 20A0019A2AA543BD35997296AD1BC3F0A1CF4C4B65332AD2AF81AE40D1B88428995231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0058068E
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: d40cb3a6d1cb77dea76bba00ab5f69f002ecc741cf8fdcbcca509d99aabe7b95
                                                                                                • Instruction ID: a957d871f9a013df02f0d2dd04eec421b2053a13096aae9199008731de2dd46f
                                                                                                • Opcode Fuzzy Hash: d40cb3a6d1cb77dea76bba00ab5f69f002ecc741cf8fdcbcca509d99aabe7b95
                                                                                                • Instruction Fuzzy Hash: 20A0019A2AA543BD35997296AD1BC3F0A1CF4C4B65332AD2AF81AE40D1B88428995231
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 005808A7
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: 95f3569015a3b95e19fa880d01a65ce4ecba7978d8edf83baa285938f022ac70
                                                                                                • Instruction ID: 359a5b12e8557a9ed092a84601c24ecdb42ab3376126a27681edfe77af57d9b1
                                                                                                • Opcode Fuzzy Hash: 95f3569015a3b95e19fa880d01a65ce4ecba7978d8edf83baa285938f022ac70
                                                                                                • Instruction Fuzzy Hash: 6CA00296259112BC355971555D06C3A1A1CF4C4B553319D1DF805D40C1644418895671
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 005808A7
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                • String ID:
                                                                                                • API String ID: 1269201914-0
                                                                                                • Opcode ID: 85f278d83ec373accc72763d9231e40998be3fe10c0573dbd5198e67ce99a258
                                                                                                • Instruction ID: 359a5b12e8557a9ed092a84601c24ecdb42ab3376126a27681edfe77af57d9b1
                                                                                                • Opcode Fuzzy Hash: 85f278d83ec373accc72763d9231e40998be3fe10c0573dbd5198e67ce99a258
                                                                                                • Instruction Fuzzy Hash: 6CA00296259112BC355971555D06C3A1A1CF4C4B553319D1DF805D40C1644418895671
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 005808A7
                                                                                                  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
                                                                                                  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 5e95016b8ef31ff506e28ca4f3e6f2721e4c85b3a62b22d02220b2fa7ff4597e
• Instruction ID: 359a5b12e8557a9ed092a84601c24ecdb42ab3376126a27681edfe77af57d9b1
• Opcode Fuzzy Hash: 5e95016b8ef31ff506e28ca4f3e6f2721e4c85b3a62b22d02220b2fa7ff4597e
• Instruction Fuzzy Hash: 6CA00296259112BC355971555D06C3A1A1CF4C4B553319D1DF805D40C1644418895671
Uniqueness
Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 005808A7
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 5224052e8670d86e5330eb5accf7b40db4869dbda891210c7063a80c48526ba1
• Instruction ID: 9c51cee8cd646076a4797c76aead0d10a2fefad8a4a34f28806fe9da839c64cc
• Opcode Fuzzy Hash: 5224052e8670d86e5330eb5accf7b40db4869dbda891210c7063a80c48526ba1
• Instruction Fuzzy Hash: 6AA002962551117C355971555D06C3A2A1CF4C0B15331996DF809E40C5644418895671
Uniqueness
Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 005808A7
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 4b624e3a48d93b63f7314230add37f71f4e6e06e9dd281ecd4426e8ac275da77
• Instruction ID: 359a5b12e8557a9ed092a84601c24ecdb42ab3376126a27681edfe77af57d9b1
• Opcode Fuzzy Hash: 4b624e3a48d93b63f7314230add37f71f4e6e06e9dd281ecd4426e8ac275da77
• Instruction Fuzzy Hash: 6CA00296259112BC355971555D06C3A1A1CF4C4B553319D1DF805D40C1644418895671
Uniqueness
Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 005808A7
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 2fc1c62a5ccacbbe862bc6cd5ad3771aefc93a5a59159af6316f0634a9ae4fd6
• Instruction ID: 359a5b12e8557a9ed092a84601c24ecdb42ab3376126a27681edfe77af57d9b1
• Opcode Fuzzy Hash: 2fc1c62a5ccacbbe862bc6cd5ad3771aefc93a5a59159af6316f0634a9ae4fd6
• Instruction Fuzzy Hash: 6CA00296259112BC355971555D06C3A1A1CF4C4B553319D1DF805D40C1644418895671
Uniqueness
Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00580A5D
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 242d163145e0b7f0099b25372698e21fb917441929e832d54aa9c977e144e4ac
• Instruction ID: 89a81bf12d72332cdc7fbf77ee67a8a93a34ff8fbc4f52cb3bf76179f8eb8e14
• Opcode Fuzzy Hash: 242d163145e0b7f0099b25372698e21fb917441929e832d54aa9c977e144e4ac
• Instruction Fuzzy Hash: 7AA002D5296501BC354975D5DD1AD360B5DF4C0B15731A919F945E40C1788118495231
Uniqueness
Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 005809FC
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 6555ee5c1ea2cd701cc02bea2c57ba15d7bef89f4c6dd581313585407d003a93
• Instruction ID: 13a4d98a09b5fc9f4b19c7c38db70b3f017791b4bf5238041b76bf358bf33b58
• Opcode Fuzzy Hash: 6555ee5c1ea2cd701cc02bea2c57ba15d7bef89f4c6dd581313585407d003a93
• Instruction Fuzzy Hash: C7A001D63AA102BC79897695EE5AC7A0A1DF4C4B65331AE2AF806E50C2A89128495331
Uniqueness
Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00580A5D
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 1f6f83cf7fa58d7b4ed1b795f75900c83b6e9f99926fb87e447c43ee559e29ec
• Instruction ID: f3e6f227a7fcdac2699e73c4116ee0f2b3f32622af3397c281c25c4fca875bad
• Opcode Fuzzy Hash: 1f6f83cf7fa58d7b4ed1b795f75900c83b6e9f99926fb87e447c43ee559e29ec
• Instruction Fuzzy Hash: 0BA002D529A502FC354975D5DD16C360A5DF4C4B55731AD19F845D40C1688118495231
Uniqueness
Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00580A5D
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 976a3a4e988e53b324f0e5deebe315a2f6bce3e5ffa617ef76ebe92ff46235da
• Instruction ID: f3e6f227a7fcdac2699e73c4116ee0f2b3f32622af3397c281c25c4fca875bad
• Opcode Fuzzy Hash: 976a3a4e988e53b324f0e5deebe315a2f6bce3e5ffa617ef76ebe92ff46235da
• Instruction Fuzzy Hash: 0BA002D529A502FC354975D5DD16C360A5DF4C4B55731AD19F845D40C1688118495231
Uniqueness
Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 005809FC
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 693c8f571d41774a930a918074ec28dc9bac17164a4e4dbfdaa7596dfc6963bb
• Instruction ID: 13a4d98a09b5fc9f4b19c7c38db70b3f017791b4bf5238041b76bf358bf33b58
• Opcode Fuzzy Hash: 693c8f571d41774a930a918074ec28dc9bac17164a4e4dbfdaa7596dfc6963bb
• Instruction Fuzzy Hash: C7A001D63AA102BC79897695EE5AC7A0A1DF4C4B65331AE2AF806E50C2A89128495331
Uniqueness

Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 005809FC
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 5f2fa34cf4131b90bc21659326176b8f3ea9987f12af8ee656620f08d47d6608
• Instruction ID: 13a4d98a09b5fc9f4b19c7c38db70b3f017791b4bf5238041b76bf358bf33b58
• Opcode Fuzzy Hash: 5f2fa34cf4131b90bc21659326176b8f3ea9987f12af8ee656620f08d47d6608
• Instruction Fuzzy Hash: C7A001D63AA102BC79897695EE5AC7A0A1DF4C4B65331AE2AF806E50C2A89128495331
Uniqueness

Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 005809FC
  • Part of subcall function 00580D3A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00580DAD
  • Part of subcall function 00580D3A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00580DBE
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 2cc56ef8144b543fcca6cb8a6f08d1fdc29ecbabaa5733e12715ff8f9ca154c5
• Instruction ID: 13a4d98a09b5fc9f4b19c7c38db70b3f017791b4bf5238041b76bf358bf33b58
• Opcode Fuzzy Hash: 2cc56ef8144b543fcca6cb8a6f08d1fdc29ecbabaa5733e12715ff8f9ca154c5
• Instruction Fuzzy Hash: C7A001D63AA102BC79897695EE5AC7A0A1DF4C4B65331AE2AF806E50C2A89128495331
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetCurrentDirectoryW.KERNELBASE(?), ref: 0057CBBA
Similarity
• API ID: CurrentDirectory
• String ID:
• API String ID: 1611563598-0
• Opcode ID: c732182d698157bd68cd955a29eb0b80a4dcf6b575c2979c62974b8e4e4058bc
• Instruction ID: 5e20fd4211508cd03c428ac34aa79f110667b086fc5da03749805a24c10d4501
• Opcode Fuzzy Hash: c732182d698157bd68cd955a29eb0b80a4dcf6b575c2979c62974b8e4e4058bc
• Instruction Fuzzy Hash: 06A011302002008B82000B328F0AA0EBAAAAFA2A00F02C02AA00280030CB328828FA00
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00561366: GetDlgItem.USER32(00000000,00003021), ref: 005613AA
  • Part of subcall function 00561366: SetWindowTextW.USER32(00000000,005965F4), ref: 005613C0
• SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 0057E602
• EndDialog.USER32(?,00000006), ref: 0057E615
• GetDlgItem.USER32(?,0000006C), ref: 0057E631
• SetFocus.USER32(00000000), ref: 0057E638
• SetDlgItemTextW.USER32(?,00000065,?), ref: 0057E66C
• SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 0057E69F
• FindFirstFileW.KERNEL32(?,?), ref: 0057E6B5
  • Part of subcall function 0057CBC8: FileTimeToSystemTime.KERNEL32(?,?), ref: 0057CBEE
  • Part of subcall function 0057CBC8: SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 0057CC05
  • Part of subcall function 0057CBC8: SystemTimeToFileTime.KERNEL32(?,?), ref: 0057CC19
  • Part of subcall function 0057CBC8: FileTimeToSystemTime.KERNEL32(?,?), ref: 0057CC2A
  • Part of subcall function 0057CBC8: GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0057CC42
  • Part of subcall function 0057CBC8: GetTimeFormatW.KERNEL32(00000400,?,?,00000000,00000000,00000032), ref: 0057CC66
  • Part of subcall function 0057CBC8: _swprintf.LIBCMT ref: 0057CC85
• _swprintf.LIBCMT ref: 0057E704
  • Part of subcall function 00564C00: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00564C13
• SetDlgItemTextW.USER32(?,0000006A,?), ref: 0057E717
• FindClose.KERNEL32(00000000), ref: 0057E71E
• _swprintf.LIBCMT ref: 0057E773
• SetDlgItemTextW.USER32(?,00000068,?), ref: 0057E786
• SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 0057E7A0
• _swprintf.LIBCMT ref: 0057E7D9
• SetDlgItemTextW.USER32(?,0000006B,?), ref: 0057E7EC
• _swprintf.LIBCMT ref: 0057E83C
• SetDlgItemTextW.USER32(?,00000069,?), ref: 0057E84F
  • Part of subcall function 0057D0AB: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0057D0E1
  • Part of subcall function 0057D0AB: GetNumberFormatW.KERNEL32(00000400,00000000,?,005A272C,?,?), ref: 0057D12A
Strings
Similarity
• API ID: Item$Time$Text$_swprintf$FileSystem$FormatMessageSend$Find$CloseDateDialogFirstFocusInfoLocalLocaleNumberSpecificWindow__vswprintf_c_l
• String ID: %s %s$-X$REPLACEFILEDLG
• API String ID: 3464475507-1360726122
• Opcode ID: d5044c3d863a52503db3b099cd0ab0a42496d117821cdfcfd6b53c3e0f9f6d4f
• Instruction ID: 93619fe32daea59b4f30f4ac588b45646e255304406ea510f7097f0b6f613bff
• Opcode Fuzzy Hash: d5044c3d863a52503db3b099cd0ab0a42496d117821cdfcfd6b53c3e0f9f6d4f
• Instruction Fuzzy Hash: A07194B2548348BEE3319B64EC4EFFF7BACBB8D700F044919B64DD2581D6715908AB62
Uniqueness

Uniqueness Score: -1.00%

APIs
• _wcslen.LIBCMT ref: 0056807F
• _wcslen.LIBCMT ref: 00568112
  • Part of subcall function 00568C95: GetCurrentProcess.KERNEL32(00000020,?), ref: 00568CB2
  • Part of subcall function 00568C95: GetLastError.KERNEL32 ref: 00568CF6
  • Part of subcall function 00568C95: CloseHandle.KERNEL32(?), ref: 00568D05
  • Part of subcall function 0056BC65: DeleteFileW.KERNELBASE(?,?,?,?,0056B14B,?,00000000,0056AF6E,6033248F,00000000,0059517A,000000FF,?,00568882,?,?), ref: 0056BC82
  • Part of subcall function 0056BC65: DeleteFileW.KERNEL32(?,?,?,00000800,?,0056B14B,?,00000000,0056AF6E,6033248F,00000000,0059517A,000000FF,?,00568882,?), ref: 0056BCAE
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 005681C1
• CloseHandle.KERNEL32(00000000), ref: 005681DD
• CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000,?,?,?,?,?,?,?,6033248F,00000000), ref: 00568329
  • Part of subcall function 0056B7E2: FlushFileBuffers.KERNEL32(?), ref: 0056B7FC
  • Part of subcall function 0056B7E2: SetFileTime.KERNELBASE(?,?,?,?), ref: 0056B8B0
  • Part of subcall function 0056AFD0: FindCloseChangeNotification.KERNELBASE(?,?,?,0056AF75,6033248F,00000000,0059517A,000000FF,?,00568882,?,?), ref: 0056AFEB
  • Part of subcall function 0056C2E5: SetFileAttributesW.KERNELBASE(?,00000000,?,00000001,?,0056BF5E,?,?), ref: 0056C305
  • Part of subcall function 0056C2E5: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0056BF5E,?,?), ref: 0056C334
Strings
Similarity
• API ID: File$Close$AttributesCreateDeleteHandle_wcslen$BuffersChangeCurrentErrorFindFlushLastNotificationProcessTime
• String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
• API String ID: 243576179-3508440684
• Opcode ID: db80690398f2bb5b9704f341a7cb5630df6cce309dc0a33db98974ccca14147b
• Instruction ID: fe9c0d70bcdde1b73d92384a659470f0702bd30d04ca4d29510e29b85bdacae5
• Opcode Fuzzy Hash: db80690398f2bb5b9704f341a7cb5630df6cce309dc0a33db98974ccca14147b
• Instruction Fuzzy Hash: B0D186B1900249AFDB25DF64CC85BFE7BACBF44700F04461AFA55E7241EB74AA44CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
• Opcode ID: c130d0c1d07439312ec7f34c29a24de420d32c5f5ee4963668eefd1e145d6275
• Instruction ID: a3eb4778514e1016679f3d33754389a9aee68bf4ba2e3b49d5c5db265fba9685
• Opcode Fuzzy Hash: c130d0c1d07439312ec7f34c29a24de420d32c5f5ee4963668eefd1e145d6275
• Instruction Fuzzy Hash: 4FC23871E046298FDF248E28DD447EABBB5FB84304F1559EAD84DE7280E775AE818F40
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
                                                                                                Similarity
                                                                                                • API ID: _swprintf
                                                                                                • String ID: CMT$h%u$hc%u
                                                                                                • API String ID: 589789837-3282847064
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • _strlen.LIBCMT ref: 005635C3
                                                                                                  • Part of subcall function 00573D10: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,6033248F,?,?,6033248F,00000001,0056DA04,00000000,6033248F,?,00010458,?,?), ref: 00573D2C
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0056370D
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                                                • String ID: CMT
                                                                                                • API String ID: 1610651222-2756464174
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00581FD6
                                                                                                • IsDebuggerPresent.KERNEL32 ref: 005820A2
                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 005820C2
                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 005820CC
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                • String ID:
                                                                                                • API String ID: 254469556-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • VirtualQuery.KERNEL32(80000000,00580AC5,0000001C,00580CBA,00000000,?,?,?,?,?,?,?,00580AC5,00000004,005C5D24,00580D4A), ref: 00580B91
                                                                                                • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00580AC5,00000004,005C5D24,00580D4A), ref: 00580BAC
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: InfoQuerySystemVirtual
                                                                                                • String ID: D
                                                                                                • API String ID: 401686933-2746444292
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00586577
                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00586581
                                                                                                • UnhandledExceptionFilter.KERNEL32(-00000325,?,?,?,?,?,00000000), ref: 0058658E
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                • String ID:
                                                                                                • API String ID: 3906539128-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: .
                                                                                                • API String ID: 0-248832578
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0057D0E1
                                                                                                • GetNumberFormatW.KERNEL32(00000400,00000000,?,005A272C,?,?), ref: 0057D12A
                                                                                                Similarity
                                                                                                • API ID: FormatInfoLocaleNumber
                                                                                                • String ID:
                                                                                                • API String ID: 2169056816-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(00567D6C,?,00000400), ref: 00567BFF
                                                                                                • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00567C20
                                                                                                Similarity
                                                                                                • API ID: ErrorFormatLastMessage
                                                                                                • String ID:
                                                                                                • API String ID: 3479602957-0
                                                                                                • Opcode ID: 270e58a25a51675bfb95b32f400c8624036645fb7c838b83cf0151b860f90236
                                                                                                • Instruction ID: fbba2631fd1381062f034c347f98d4ddd9f0494a63075ebbfbc02e0fe45bf1e7
                                                                                                • Opcode Fuzzy Hash: 270e58a25a51675bfb95b32f400c8624036645fb7c838b83cf0151b860f90236
                                                                                                • Instruction Fuzzy Hash: 60D0C771349304BFFA110A604C4AF2A7B59BB59B55F15C805B755D60E0D7709428F619
                                                                                                 Uniqueness
                                                                                                 • Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0059403F,?,?,00000008,?,?,00593CDF,00000000), ref: 00594271
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID:
                                                                                                • API String ID: 3997070919-0
                                                                                                • Opcode ID: 4a9bfb744a409aa3cbef2d2aca73a3d8c43614e946e3070d0d56bb6307abc83e
                                                                                                • Instruction ID: ce7e19502bd66b7faf1776a63699004f4524cf885ca61f445d28ceffa8445544
                                                                                                • Opcode Fuzzy Hash: 4a9bfb744a409aa3cbef2d2aca73a3d8c43614e946e3070d0d56bb6307abc83e
                                                                                                • Instruction Fuzzy Hash: 6CB119356206099FDB19CF28C48AB657FA0FF45365F298658E899CF2A1C335ED92CF40
                                                                                                 Uniqueness
                                                                                                 • Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetVersionExW.KERNEL32(?), ref: 0056D0A7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: Version
                                                                                                • String ID:
                                                                                                • API String ID: 1889659487-0
                                                                                                • Opcode ID: 1b7885071024cfff294fe7e89ede597de66662dc2c03a746a4351b24ecdebe45
                                                                                                • Instruction ID: a441d4dc20ea1bf87e7bf79cda39f17081c57b47f017d7847d8475e14f3eb21c
                                                                                                • Opcode Fuzzy Hash: 1b7885071024cfff294fe7e89ede597de66662dc2c03a746a4351b24ecdebe45
                                                                                                • Instruction Fuzzy Hash: 19014B75A00608CBDB24CF68EC89A9D7BB1BB69314F204619DA1A97391EB34A90DDF50
                                                                                                 Uniqueness
                                                                                                 • Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: gj
                                                                                                • API String ID: 0-4203073231
                                                                                                • Opcode ID: fd5c4d362bb4d62ed5dd7a11d4b93ea8e764872f4cdc141aae695097d684401c
                                                                                                • Instruction ID: d99e435b79e0fb44b57914f4abce81113cd59e7994277113010424dd63495479
                                                                                                • Opcode Fuzzy Hash: fd5c4d362bb4d62ed5dd7a11d4b93ea8e764872f4cdc141aae695097d684401c
                                                                                                • Instruction Fuzzy Hash: 9CD128B2A083458FC754CF6AD88065AFBE1FFC9308F55492EE998D7301D734A959CB82
                                                                                                 Uniqueness
                                                                                                 • Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_00022170,00581BC5), ref: 00582162
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                • String ID:
                                                                                                • API String ID: 3192549508-0
                                                                                                • Opcode ID: bc002bc9519cf912aa771709272cc8bb1863114c7af33140c05978a76568d2f7
                                                                                                • Instruction ID: 0248015e7670ccc1aa2792a56a942865a5b663a52348cab268cd7f8aec1a9540
                                                                                                • Opcode Fuzzy Hash: bc002bc9519cf912aa771709272cc8bb1863114c7af33140c05978a76568d2f7
                                                                                                • Instruction Fuzzy Hash:
                                                                                                 Uniqueness
                                                                                                 • Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID: 0-3916222277
                                                                                                • Opcode ID: 934ccf0cd4b67d897cb7c2438ec395f92651c0feaeced376863ec7c5dca47e2e
                                                                                                • Instruction ID: f8a2b0082f54f64715febdecaf724f1d543d7367941a7d2d00656f393b9dbfc7
                                                                                                • Opcode Fuzzy Hash: 934ccf0cd4b67d897cb7c2438ec395f92651c0feaeced376863ec7c5dca47e2e
                                                                                                • Instruction Fuzzy Hash: 2C113AB19047069BD72C8F69A95676ABBE4FB00314F20C82ED4AAE2281D371A540EB41
                                                                                                 Uniqueness
                                                                                                 • Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: HeapProcess
                                                                                                • String ID:
                                                                                                • API String ID: 54951025-0
                                                                                                • Opcode ID: 231fdede450ba7f764c4ba806e85109f300d29be0bc0439eeb6196603b3c4e56
                                                                                                • Instruction ID: c4c676a9b790ed47f908b61ea984a9841c7d3e7758632e3916c25b76f5ccf8c7
                                                                                                • Opcode Fuzzy Hash: 231fdede450ba7f764c4ba806e85109f300d29be0bc0439eeb6196603b3c4e56
                                                                                                • Instruction Fuzzy Hash: 7DA011302002008F83008F32AA082083AE8EA22280302802AA00AC0220EA2A8228BF00
                                                                                                 Uniqueness
                                                                                                 • Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 90c3c98ec23a744960941777bc03b1281d3b488c6a7f7634cefa33c0df39adee
                                                                                                • Instruction ID: 110dccea9329268fb45a5b6a651509038834663ff319137b43ed535309d7ea8f
                                                                                                • Opcode Fuzzy Hash: 90c3c98ec23a744960941777bc03b1281d3b488c6a7f7634cefa33c0df39adee
                                                                                                • Instruction Fuzzy Hash: B8623331644B859FCB29CF28D8946BA7FE1BF91304F18C96DD89E8B342DB30A945E711
                                                                                                 Uniqueness
                                                                                                 • Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e008b3fe25645c420bb524d8f5ec445355e06715b0fa383b64c6e5b3b3f0fe45
                                                                                                • Instruction ID: 1c4a358ec753d9d74675d46225618c800a9e15fc295486364e4ad8d37635e3d0
                                                                                                • Opcode Fuzzy Hash: e008b3fe25645c420bb524d8f5ec445355e06715b0fa383b64c6e5b3b3f0fe45
                                                                                                • Instruction Fuzzy Hash: D062C4716082469FCB19CF28D4905A8BFE1BF95304F08C56DEC9D8B346D734E945EBA1
                                                                                                 Uniqueness
                                                                                                 • Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7b613aa6936206879556b4b98a40ab473639d5810861dad884f2e1ee316ea20b
                                                                                                • Instruction ID: 5b3eb530201420ab9883242293f8d3de7813b86f973954f5736a87256d854254
                                                                                                • Opcode Fuzzy Hash: 7b613aa6936206879556b4b98a40ab473639d5810861dad884f2e1ee316ea20b
                                                                                                • Instruction Fuzzy Hash: 59525B726087018FC718CF19C891A6AF7E1FFCC304F498A2DE9959B255D734EA19CB86
                                                                                                 Uniqueness
                                                                                                 • Uniqueness Score: -1.00%

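The function entries in this listing are machine-generated fingerprints: each block records the imports a function resolves (with the call site as a run-time address inside the dump loaded at Offset 00560000), the Opcode ID and Instruction ID hashes used for similarity, and a uniqueness score. The Python below is an added example, not part of the Joe Sandbox report or of its tooling: it parses blocks of this listing into records, rebases every `ref:` address to an RVA against the dump's load base so the call site can be matched against a static disassembly of the sample, and separates functions that resolve an import from the ones that do not. The input is constructed from three entries of the listing above. Treating `Uniqueness Score:` as the block terminator and every `Key: value` bullet as a field are this example's assumptions about the format; 0xC000000D, the first argument of the `RaiseException` call, is the NTSTATUS value STATUS_INVALID_PARAMETER.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed input: three entries transcribed from the listing above (the RaiseException
# call, the GetVersionExW call, the API-less "gj" function), cut to the lines the parser uses.
SAMPLE = """\
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0059403F,?,?,00000008,?,?,00593CDF,00000000), ref: 00594271
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 4a9bfb744a409aa3cbef2d2aca73a3d8c43614e946e3070d0d56bb6307abc83e
Uniqueness
Uniqueness Score: -1.00%
APIs
• GetVersionExW.KERNEL32(?), ref: 0056D0A7
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• API ID: Version
• Opcode ID: 1b7885071024cfff294fe7e89ede597de66662dc2c03a746a4351b24ecdebe45
Uniqueness
Uniqueness Score: -1.00%
Strings
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• API ID:
• String ID: gj
• Opcode ID: fd5c4d362bb4d62ed5dd7a11d4b93ea8e764872f4cdc141aae695097d684401c
Uniqueness
Uniqueness Score: -1.00%
"""

STATUS_INVALID_PARAMETER = 0xC000000D  # NTSTATUS value passed as RaiseException's first argument above

API_CALL = re.compile(r"^(\w+)\.(\w+)\((.*)\),\s*ref:\s*([0-9A-Fa-f]+)$")  # Api.MODULE(args), ref: addr
LOAD_BASE = re.compile(r"Offset:\s*([0-9A-Fa-f]+)")  # load base quoted on the Source File line


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int  # run-time address of the call site, as recorded in the dump


@dataclass
class FuncEntry:
    fields: dict = field(default_factory=dict)  # "API ID", "Opcode ID", ... exactly as listed
    apis: List[ApiCall] = field(default_factory=list)
    image_base: Optional[int] = None            # from "Offset:" on the Source File line

    def rva(self, addr: int) -> int:
        """Translate a dumped run-time address into an RVA relative to the load base."""
        if self.image_base is None:
            raise ValueError("entry has no 'Offset:' in its Source File line")
        return addr - self.image_base


def parse_entries(text: str) -> List[FuncEntry]:
    """One FuncEntry per listing block; a block ends at its 'Uniqueness Score:' line (assumed)."""
    entries, cur = [], FuncEntry()
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if line.startswith("Uniqueness Score:"):
            cur.fields["Uniqueness Score"] = line.split(":", 1)[1].strip()
            entries.append(cur)
            cur = FuncEntry()
            continue
        m = API_CALL.match(line)
        if m:
            name, module, args, ref = m.groups()
            cur.apis.append(ApiCall(name, module, args.split(","), int(ref, 16)))
            continue
        if line.startswith("Source File:") and (base := LOAD_BASE.search(line)):
            cur.image_base = int(base.group(1), 16)
        if ":" in line:  # plain "Key: value" bullet; empty values are kept as ""
            key, value = line.split(":", 1)
            cur.fields[key.strip()] = value.strip()
    return entries


def call_sites(entries: List[FuncEntry]) -> List[Tuple[str, str, int]]:
    """(API ID, Module!Api, call-site RVA) for every resolved import call in the listing."""
    return [(e.fields.get("API ID", ""), f"{c.module}!{c.name}", e.rva(c.ref))
            for e in entries for c in e.apis]


def without_apis(entries: List[FuncEntry]) -> List[str]:
    """Opcode IDs of functions that resolve no import; these need the disassembly to classify."""
    return [e.fields.get("Opcode ID", "") for e in entries if not e.apis]


def raises_invalid_parameter(entries: List[FuncEntry]) -> List[str]:
    """Opcode IDs of functions calling RaiseException with STATUS_INVALID_PARAMETER (0xC000000D)."""
    return [e.fields.get("Opcode ID", "") for e in entries
            if any(c.name == "RaiseException" and c.args[0] not in ("", "?")
                   and int(c.args[0], 16) == STATUS_INVALID_PARAMETER for c in e.apis)]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    for api_id, api, rva in call_sites(parsed):
        print(f"{api_id:<16} {api:<26} call site RVA 0x{rva:05X}")
```

Run stand-alone, the block prints one line per resolved call with its RVA (0x34271 for the RaiseException site at 00594271, 0xD0A7 for GetVersionExW at 0056D0A7); the hash fields are carried through untouched so they can be handed to whatever similarity tooling is in use, and the API-less entries are the ones that still need the disassembly before they can be classified.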
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 34ea20011ace4b16a9fb2f361c0749c8a9162b95d96fec11e6352733853cb0b8
                                                                                                • Instruction ID: 694cfe88fe58fab5bb8c39cfa89d3053910bb0975f75c520c752765c6c92b216
                                                                                                • Opcode Fuzzy Hash: 34ea20011ace4b16a9fb2f361c0749c8a9162b95d96fec11e6352733853cb0b8
                                                                                                • Instruction Fuzzy Hash: C61204B06147068FC728CF28D494BB9BBE1FF84304F10892EE99BC7681D378A995DB55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1ee176bc2e466c92e161cc9e29ea8fc5051119d69197c3a3f2f5a670d0181b84
                                                                                                • Instruction ID: 558af663f9a10418c2e0f902c3f4e8f0a8d23d2ec3dc79a28250027b0e9b850d
                                                                                                • Opcode Fuzzy Hash: 1ee176bc2e466c92e161cc9e29ea8fc5051119d69197c3a3f2f5a670d0181b84
                                                                                                • Instruction Fuzzy Hash: 80F17979A0A3528FC724CF28C58A62ABFE5FFD9704F144A2EE485D7252D730E905CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 48d43532d6e86dd4cd3941f3ecb8292771172016e56662b51e77c1badd920e11
                                                                                                • Instruction ID: 1ed5e19f4e2cee11672d2bae777a836dca4a7fb2ff3b4e20084a93fb717f0acc
                                                                                                • Opcode Fuzzy Hash: 48d43532d6e86dd4cd3941f3ecb8292771172016e56662b51e77c1badd920e11
                                                                                                • Instruction Fuzzy Hash: 16E148749183918FC344CF29D49042BBBF0BB9A300F4A495EF9D497352D334EA59DBA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 24092efe62d424cd3216e4ebe9e7bacb40e96a48e43bb28165a4c3ae8af820e3
                                                                                                • Instruction ID: df62250a809e9bda553f8955006bc36ea1ee12bda581e349f69535f05ffb27e0
                                                                                                • Opcode Fuzzy Hash: 24092efe62d424cd3216e4ebe9e7bacb40e96a48e43bb28165a4c3ae8af820e3
                                                                                                • Instruction Fuzzy Hash: A0916AB0204B468BD724EF68E895BFA7FD5BB90304F104C2DE59F87282EB749544E751
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7f4cca48a9374fd1daa150efee777656cfe635c97c04d9d71bcc5fab648253d3
                                                                                                • Instruction ID: 95f8f50aff059ad56ac60a6a14939f99459d59bc2b7b6297d8bf533b239c9cc2
                                                                                                • Opcode Fuzzy Hash: 7f4cca48a9374fd1daa150efee777656cfe635c97c04d9d71bcc5fab648253d3
                                                                                                • Instruction Fuzzy Hash: 84816F717047424FDB24EE28E4C1BBD7FD5BBD4304F50883DE98E8B282DA708884A795
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1e55466e6450d3e1f8b181c6fc235256c9e8eb33070c9ff6d95d1ccc00834e22
                                                                                                • Instruction ID: bd1da3ffb284800f8c26f6398c0bf1942c95001306ab55a9028aa9796a521759
                                                                                                • Opcode Fuzzy Hash: 1e55466e6450d3e1f8b181c6fc235256c9e8eb33070c9ff6d95d1ccc00834e22
                                                                                                • Instruction Fuzzy Hash: B5616D7164C60D66DE3CBA288859BBE6F99FB8D700F34081AEC83FB281E511DE818355
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                                                                                                • Instruction ID: b1143ef3fa5f866a5ca2782c604b22519661b7621502cd4100c8c321083aed30
                                                                                                • Opcode Fuzzy Hash: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                                                                                                • Instruction Fuzzy Hash: 8451886160C64E57DB38B968845E7BE2F85FB5D300F380919DC82F7282D615ED02CB96
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ffb8474eac3346fd6fa087a8c0c25b53bdfde2b1fb4f2657615dc0dc0a1de3c4
                                                                                                • Instruction ID: 71441d52952ef93da451957a75f2ccdd8c4c265f6e664406614a03b368f7f691
                                                                                                • Opcode Fuzzy Hash: ffb8474eac3346fd6fa087a8c0c25b53bdfde2b1fb4f2657615dc0dc0a1de3c4
                                                                                                • Instruction Fuzzy Hash: 8D5114315083D64FC711DF3C94884AEBFE0BEDA314F4A8999E4D94B242D221E68ADB56
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3174f13cfea80075fb98e3fcfac22e5a3fe9995f15e96e7859fee2abfc45b684
                                                                                                • Instruction ID: 20a04b318711b6f621b75fea4f472d66b86111f79d777765d574a3bcaa749705
                                                                                                • Opcode Fuzzy Hash: 3174f13cfea80075fb98e3fcfac22e5a3fe9995f15e96e7859fee2abfc45b684
                                                                                                • Instruction Fuzzy Hash: A451E1B1A087119FC748CF19D88055AF7E1FF88314F058A2EE899E3341DB30E959CB96
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a36805445e229c2b90d29c9fa108318b87a70c956e41b8f0a663b46aa5c9b3d3
                                                                                                • Instruction ID: a15e1dde5828109a5f38a1a4cfd6e4c0f2b61f6689cdbd25b60b76a3cb80252f
                                                                                                • Opcode Fuzzy Hash: a36805445e229c2b90d29c9fa108318b87a70c956e41b8f0a663b46aa5c9b3d3
                                                                                                • Instruction Fuzzy Hash: 7E31DEB1614B168FCB14EF28D85116EBFE0FB95300F14892DE89AD7342D774E909CB96
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • _swprintf.LIBCMT ref: 00570284
                                                                                                  • Part of subcall function 00564C00: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00564C13
                                                                                                  • Part of subcall function 00573F47: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0056F801,00000000,00000000,?,005A5070,?,0056F801,?,?,00000050,?), ref: 00573F64
                                                                                                • _strlen.LIBCMT ref: 005702A5
                                                                                                • SetDlgItemTextW.USER32(?,005A2274,?), ref: 005702FE
                                                                                                • GetWindowRect.USER32(?,?), ref: 00570334
                                                                                                • GetClientRect.USER32(?,?), ref: 00570340
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 005703EB
                                                                                                • GetWindowRect.USER32(?,?), ref: 0057041B
                                                                                                • SetWindowTextW.USER32(?,?), ref: 0057044A
                                                                                                • GetSystemMetrics.USER32(00000008), ref: 00570452
                                                                                                • GetWindow.USER32(?,00000005), ref: 0057045D
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 0057048D
                                                                                                • GetWindow.USER32(00000000,00000002), ref: 005704FF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                                • String ID: $%s:$CAPTION$d$t"Z
                                                                                                • API String ID: 2407758923-929387701
                                                                                                • Opcode ID: ab6429c099eeb5975869c41a0fb13527a1c694386bb8855095ea251c600bda5a
                                                                                                • Instruction ID: 8c5aac61396c76c8f28e0c83f0164e9b8224f4d44d762ca9f908b54dddc637cb
                                                                                                • Opcode Fuzzy Hash: ab6429c099eeb5975869c41a0fb13527a1c694386bb8855095ea251c600bda5a
                                                                                                • Instruction Fuzzy Hash: 6D819872608305AFD714DF68DD89E6FBBE9FB88704F04591DFA8893290D634A908DB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ___free_lconv_mon.LIBCMT ref: 0058F1B6
                                                                                                  • Part of subcall function 0058ED51: _free.LIBCMT ref: 0058ED6E
                                                                                                  • Part of subcall function 0058ED51: _free.LIBCMT ref: 0058ED80
                                                                                                  • Part of subcall function 0058ED51: _free.LIBCMT ref: 0058ED92
                                                                                                  • Part of subcall function 0058ED51: _free.LIBCMT ref: 0058EDA4
                                                                                                  • Part of subcall function 0058ED51: _free.LIBCMT ref: 0058EDB6
                                                                                                  • Part of subcall function 0058ED51: _free.LIBCMT ref: 0058EDC8
                                                                                                  • Part of subcall function 0058ED51: _free.LIBCMT ref: 0058EDDA
                                                                                                  • Part of subcall function 0058ED51: _free.LIBCMT ref: 0058EDEC
                                                                                                  • Part of subcall function 0058ED51: _free.LIBCMT ref: 0058EDFE
                                                                                                  • Part of subcall function 0058ED51: _free.LIBCMT ref: 0058EE10
                                                                                                  • Part of subcall function 0058ED51: _free.LIBCMT ref: 0058EE22
                                                                                                  • Part of subcall function 0058ED51: _free.LIBCMT ref: 0058EE34
                                                                                                  • Part of subcall function 0058ED51: _free.LIBCMT ref: 0058EE46
                                                                                                • _free.LIBCMT ref: 0058F1AB
                                                                                                  • Part of subcall function 0058BAFA: RtlFreeHeap.NTDLL(00000000,00000000,?,0058EEE6,?,00000000,?,00000000,?,0058EF0D,?,00000007,?,?,0058F30A,?), ref: 0058BB10
                                                                                                  • Part of subcall function 0058BAFA: GetLastError.KERNEL32(?,?,0058EEE6,?,00000000,?,00000000,?,0058EF0D,?,00000007,?,?,0058F30A,?,?), ref: 0058BB22
                                                                                                • _free.LIBCMT ref: 0058F1CD
                                                                                                • _free.LIBCMT ref: 0058F1E2
                                                                                                • _free.LIBCMT ref: 0058F1ED
                                                                                                • _free.LIBCMT ref: 0058F20F
                                                                                                • _free.LIBCMT ref: 0058F222
                                                                                                • _free.LIBCMT ref: 0058F230
                                                                                                • _free.LIBCMT ref: 0058F23B
                                                                                                • _free.LIBCMT ref: 0058F273
                                                                                                • _free.LIBCMT ref: 0058F27A
                                                                                                • _free.LIBCMT ref: 0058F297
                                                                                                • _free.LIBCMT ref: 0058F2AF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                • String ID: h)Z
                                                                                                • API String ID: 161543041-1987929227
                                                                                                • Opcode ID: af969559e64fb8605b596966623a50e6a85ad93f2beb9a450319cec7bb935999
                                                                                                • Instruction ID: ee7121c24eb81b30601c1a90fe0c3e86829165b5f2058768d4efa1790092ef8d
                                                                                                • Opcode Fuzzy Hash: af969559e64fb8605b596966623a50e6a85ad93f2beb9a450319cec7bb935999
                                                                                                • Instruction Fuzzy Hash: CD313935600602DFEB24FA79D84AB9A7BE9FF84310F204529E84AF7251DF71AD90CB10
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetWindow.USER32(?,00000005), ref: 0057FA20
                                                                                                • GetClassNameW.USER32(00000000,?,00000800), ref: 0057FA4C
                                                                                                  • Part of subcall function 00574168: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,000000FF,0056E084,00000000,.exe,?,?,00000800,?,?,?,0057AD5D), ref: 0057417E
                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 0057FA68
                                                                                                • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0057FA7F
                                                                                                • GetObjectW.GDI32(00000000,00000018,?), ref: 0057FA93
                                                                                                • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0057FABC
                                                                                                • DeleteObject.GDI32(00000000), ref: 0057FAC3
                                                                                                • GetWindow.USER32(00000000,00000002), ref: 0057FACC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                                • String ID: STATIC
                                                                                                • API String ID: 3820355801-1882779555
                                                                                                • Opcode ID: 5e15452dc667466abaf11c75e6a007dbb14cd5e210dbbac42bed93bb89270c50
                                                                                                • Instruction ID: 577b079792c73999456d0a7acd730170ea9c49ac930060bacf47fdd145bbf288
                                                                                                • Opcode Fuzzy Hash: 5e15452dc667466abaf11c75e6a007dbb14cd5e210dbbac42bed93bb89270c50
                                                                                                • Instruction Fuzzy Hash: 52214832544B117FE620EB30AC4EFAF3F9CBF98700F044424F949A6091DB708905AFA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 0058B8C5
                                                                                                  • Part of subcall function 0058BAFA: RtlFreeHeap.NTDLL(00000000,00000000,?,0058EEE6,?,00000000,?,00000000,?,0058EF0D,?,00000007,?,?,0058F30A,?), ref: 0058BB10
                                                                                                  • Part of subcall function 0058BAFA: GetLastError.KERNEL32(?,?,0058EEE6,?,00000000,?,00000000,?,0058EF0D,?,00000007,?,?,0058F30A,?,?), ref: 0058BB22
                                                                                                • _free.LIBCMT ref: 0058B8D1
                                                                                                • _free.LIBCMT ref: 0058B8DC
                                                                                                • _free.LIBCMT ref: 0058B8E7
                                                                                                • _free.LIBCMT ref: 0058B8F2
                                                                                                • _free.LIBCMT ref: 0058B8FD
                                                                                                • _free.LIBCMT ref: 0058B908
                                                                                                • _free.LIBCMT ref: 0058B913
                                                                                                • _free.LIBCMT ref: 0058B91E
                                                                                                • _free.LIBCMT ref: 0058B92C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                • Opcode ID: 9900495e5dc5e45cf7d4c990e14d7a6ac9996c83fd142f8729f139987b641765
                                                                                                • Instruction ID: 992585b11a72e4dfe5e0ed667107bc8d049fc063d04482b269e3780381a7f887
                                                                                                • Opcode Fuzzy Hash: 9900495e5dc5e45cf7d4c990e14d7a6ac9996c83fd142f8729f139987b641765
                                                                                                • Instruction Fuzzy Hash: D711937A100149AFDB05FF59C996CD93FB9FF84350B0180A5FE099B222DB71EA519B80
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                                                • String ID: csm$csm$csm
                                                                                                • API String ID: 322700389-393685449
                                                                                                • Opcode ID: 0f66b1adbeffeb217f0b27c1dc6ac6cd85caf0064a1abd9d38181c53cb0a45cd
                                                                                                • Instruction ID: 978ee67b97fb702f40f7f715f96e0f9a43c4fd931945e5b8f62c142932175ce9
                                                                                                • Opcode Fuzzy Hash: 0f66b1adbeffeb217f0b27c1dc6ac6cd85caf0064a1abd9d38181c53cb0a45cd
                                                                                                • Instruction Fuzzy Hash: 5CB12371800A0AEBCF25EFA4D8859AEBFB5FF44310B548559EC01BB212E731EA51CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClearH_prolog3Variant
                                                                                                • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10$fX
                                                                                                • API String ID: 3629354427-3828771283
                                                                                                • Opcode ID: a7bc985895e4611aa8615c1f5a6582ff538cf03583b1c48383440203fe314f9e
                                                                                                • Instruction ID: 4153d76dd5b8801985eecc067057ffc3076e84950d395ecbb53a11973c40a702
                                                                                                • Opcode Fuzzy Hash: a7bc985895e4611aa8615c1f5a6582ff538cf03583b1c48383440203fe314f9e
                                                                                                • Instruction Fuzzy Hash: 2E712974A002199FDF14DFA4CC98DBEBFB9BF88710B140569E546E72A0DB34AD05DB60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%
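
                                                                                                Added example (not Joe Sandbox output and not code from the sample): the Python below parses the per-function API lines in exactly the shape used by the function blocks above (the GetWindow/GetClassNameW loop over STATIC controls and the SetDlgItemTextW layout routine) and splits the `$`-separated String ID field of the WMI function just listed (ROOT\CIMV2, SELECT * FROM Win32_OperatingSystem, Windows 10), so the call sequences can be read as behaviour rather than as bare API names. Assumptions: the regex is written only for the line format visible on this page; the constant names (GW_CHILD, GW_HWNDNEXT, STM_GETIMAGE, STM_SETIMAGE, GWL_STYLE, SM_CYDLGFRAME) are standard Win32 values from the SDK headers, not taken from the report; the `$` split is a heuristic, since a literal `$` inside a string cannot be told apart from the separator; the sample input is constructed by copying lines from this section.

```python
import re
from typing import Dict, List, Optional, Union

# Added example for this page (not Joe Sandbox code). Parses report lines such as
#   • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0057FA7F
#   • Part of subcall function 00574168: CompareStringW.KERNEL32(...), ref: 0057417E
#   • _free.LIBCMT ref: 0058F1CD
# and names a few Win32 immediates. Regex is written for this page's format only.

Arg = Union[int, str, None]  # hex immediate, literal string argument, or '?' (unknown)

API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\S+?)\.(?P<mod>[A-Z][A-Z0-9_]*)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Standard Win32 constants (SDK headers), not values taken from the report.
GW_CMD = {0: "GW_HWNDFIRST", 1: "GW_HWNDLAST", 2: "GW_HWNDNEXT",
          3: "GW_HWNDPREV", 4: "GW_OWNER", 5: "GW_CHILD"}
STM_MSG = {0x170: "STM_SETICON", 0x171: "STM_GETICON",
           0x172: "STM_SETIMAGE", 0x173: "STM_GETIMAGE"}
GWL_INDEX = {-4: "GWL_WNDPROC", -16: "GWL_STYLE", -20: "GWL_EXSTYLE"}
SM_INDEX = {4: "SM_CYCAPTION", 7: "SM_CXDLGFRAME", 8: "SM_CYDLGFRAME"}


def parse_arg(tok: str) -> Arg:
    tok = tok.strip()
    if tok == "?":
        return None
    if re.fullmatch(r"[0-9A-Fa-f]{8}", tok):
        return int(tok, 16)
    return tok  # a string the plugin resolved, e.g. '.exe' or 'R$Y'


def parse_api_line(line: str) -> Optional[dict]:
    """One API bullet -> dict, or None if the line is not an API bullet."""
    m = API_RE.match(line)
    if not m:
        return None
    args = m.group("args")
    return {
        "api": m.group("api"),
        "module": m.group("mod"),
        "args": [parse_arg(t) for t in args.split(",")] if args is not None else [],
        "ref": int(m.group("ref"), 16),
        "subcall_of": int(m.group("sub"), 16) if m.group("sub") else None,
    }


def as_signed(v: int) -> int:
    """The report shows GetWindowLongW's index as 000000F0, i.e. the raw imm8 of
    push -16; treat values up to 0xFF as signed 8-bit, larger ones as signed 32-bit."""
    bits = 8 if v <= 0xFF else 32
    return v - (1 << bits) if v >= 1 << (bits - 1) else v


def describe(call: dict) -> str:
    """Name the immediates of a few USER32 calls; fall back to the bare API name."""
    api, args = call["api"], call["args"]

    def imm(i: int) -> Optional[int]:
        return args[i] if i < len(args) and isinstance(args[i], int) else None

    if api == "GetWindow" and imm(1) in GW_CMD:
        return f"GetWindow({GW_CMD[imm(1)]})"
    if api == "SendMessageW" and imm(1) in STM_MSG:
        return f"SendMessageW({STM_MSG[imm(1)]})"
    if api == "GetWindowLongW" and imm(1) is not None and as_signed(imm(1)) in GWL_INDEX:
        return f"GetWindowLongW({GWL_INDEX[as_signed(imm(1))]})"
    if api == "GetSystemMetrics" and imm(0) in SM_INDEX:
        return f"GetSystemMetrics({SM_INDEX[imm(0)]})"
    return api


def summarize(lines: List[str]) -> Dict[str, object]:
    """Parsed calls, APIs grouped by module, and the decoded top-level call sequence."""
    calls = [c for c in (parse_api_line(l) for l in lines) if c]
    by_module: Dict[str, List[str]] = {}
    for c in calls:
        apis = by_module.setdefault(c["module"], [])
        if c["api"] not in apis:
            apis.append(c["api"])
    return {"calls": calls, "by_module": by_module,
            "sequence": [describe(c) for c in calls if c["subcall_of"] is None]}


def split_string_ids(field: str) -> List[str]:
    """Split a 'String ID:' field on '$' (heuristic: a literal '$' inside a string
    cannot be distinguished from the separator)."""
    return [s for s in field.split("$") if s]


def wmi_queries(strings: List[str]) -> List[str]:
    """Pick WQL statements out of a function's string list."""
    return [s for s in strings if s.upper().startswith("SELECT ")]


# Constructed input: API lines copied from the GetWindow/GetClassNameW block above.
SAMPLE_LINES = [
    "• GetWindow.USER32(?,00000005), ref: 0057FA20",
    "• GetClassNameW.USER32(00000000,?,00000800), ref: 0057FA4C",
    "  • Part of subcall function 00574168: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,000000FF,0056E084,00000000,.exe,?,?,00000800,?,?,?,0057AD5D), ref: 0057417E",
    "• GetWindowLongW.USER32(00000000,000000F0), ref: 0057FA68",
    "• SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0057FA7F",
    "• GetObjectW.GDI32(00000000,00000018,?), ref: 0057FA93",
    "• SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0057FABC",
    "• DeleteObject.GDI32(00000000), ref: 0057FAC3",
    "• GetWindow.USER32(00000000,00000002), ref: 0057FACC",
    "• _free.LIBCMT ref: 0058F1CD",
]
# Constructed input: the String ID field of the WMI function block above.
SAMPLE_STRING_ID = "Name$ROOT\\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10$fX"

if __name__ == "__main__":
    for step in summarize(SAMPLE_LINES)["sequence"]:
        print(step)
    print(wmi_queries(split_string_ids(SAMPLE_STRING_ID)))
```

                                                                                                Run stand-alone, the decoded sequence reads GetWindow(GW_CHILD), GetClassNameW, GetWindowLongW(GWL_STYLE), SendMessageW(STM_GETIMAGE), GetObjectW, SendMessageW(STM_SETIMAGE), DeleteObject, GetWindow(GW_HWNDNEXT): a first-child/next-sibling walk over a dialog's controls that, for the ones whose class compares equal to STATIC, fetches the control's image, replaces it and frees the GDI object. That is consistent with ordinary dialog teardown rather than with the stealer or RAT behaviour flagged in the signature list, which is the point of decoding the immediates before reading any of these blocks as malicious. For the WMI block, the strings indicate a WQL query of Win32_OperatingSystem in ROOT\CIMV2 whose Name property is compared against "Windows 10"; the report itself does not show what is done with the result.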

                                                                                                APIs
                                                                                                • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00592452,00000000,00000000,00000000,00000000,00000000,?), ref: 00591D1F
                                                                                                • __fassign.LIBCMT ref: 00591D9A
                                                                                                • __fassign.LIBCMT ref: 00591DB5
                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00591DDB
                                                                                                • WriteFile.KERNEL32(?,00000000,00000000,R$Y,00000000,?,?,?,?,?,?,?,?,?,00592452,00000000), ref: 00591DFA
                                                                                                • WriteFile.KERNEL32(?,00000000,00000001,R$Y,00000000,?,?,?,?,?,?,?,?,?,00592452,00000000), ref: 00591E33
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                • String ID: R$Y
                                                                                                • API String ID: 1324828854-1931881274
Uniqueness
Uniqueness Score: -1.00%

APIs
• _wcslen.LIBCMT ref: 0057B656
• _wcslen.LIBCMT ref: 0057B6F6
• GlobalAlloc.KERNEL32(00000040,?), ref: 0057B705
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 0057B726
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: _wcslen$AllocByteCharGlobalMultiWide
• String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
• API String ID: 1116704506-4209811716
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00561366: GetDlgItem.USER32(00000000,00003021), ref: 005613AA
  • Part of subcall function 00561366: SetWindowTextW.USER32(00000000,005965F4), ref: 005613C0
• EndDialog.USER32(?,00000001), ref: 0057D910
• SendMessageW.USER32(?,00000080,00000001,?), ref: 0057D937
• SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 0057D950
• SetWindowTextW.USER32(?,?), ref: 0057D961
• GetDlgItem.USER32(?,00000065), ref: 0057D96A
• SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 0057D97E
• SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0057D994
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: MessageSend$Item$TextWindow$Dialog
• String ID: LICENSEDLG
• API String ID: 3214253823-2177901306
Uniqueness
Uniqueness Score: -1.00%

APIs
• _wcslen.LIBCMT ref: 0056BFA3
  • Part of subcall function 005734D7: GetSystemTime.KERNEL32(?,00000000), ref: 005734EF
  • Part of subcall function 005734D7: SystemTimeToFileTime.KERNEL32(?,?), ref: 005734FD
  • Part of subcall function 00573480: __aulldiv.LIBCMT ref: 00573489
• __aulldiv.LIBCMT ref: 0056BFCF
• GetCurrentProcessId.KERNEL32(00000000,?,000186A0,00000000,?,?,?,?), ref: 0056BFD6
• _swprintf.LIBCMT ref: 0056C001
  • Part of subcall function 00564C00: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00564C13
• _wcslen.LIBCMT ref: 0056C00B
• _swprintf.LIBCMT ref: 0056C061
• _wcslen.LIBCMT ref: 0056C06B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: Time_wcslen$System__aulldiv_swprintf$CurrentFileProcess__vswprintf_c_l
• String ID: %u.%03u
• API String ID: 2956649372-1114938957
Uniqueness
Uniqueness Score: -1.00%

APIs
• FileTimeToSystemTime.KERNEL32(?,?), ref: 0057CBEE
• SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 0057CC05
• SystemTimeToFileTime.KERNEL32(?,?), ref: 0057CC19
• FileTimeToSystemTime.KERNEL32(?,?), ref: 0057CC2A
• GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0057CC42
• GetTimeFormatW.KERNEL32(00000400,?,?,00000000,00000000,00000032), ref: 0057CC66
• _swprintf.LIBCMT ref: 0057CC85
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: Time$System$File$Format$DateLocalSpecific_swprintf
• String ID: %s %s
• API String ID: 385609497-2939940506
Uniqueness
Uniqueness Score: -1.00%

APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,0056CEA9,0056CEAB,00000000,00000000,6033248F,00000001,00000000,00000000,?,0056CD87,?,00000004,0056CEA9,ROOT\CIMV2), ref: 005823E9
• MultiByteToWideChar.KERNEL32(00000000,00000000,0056CEA9,?,00000000,00000000,?,?,0056CD87,?,00000004,0056CEA9), ref: 00582464
• SysAllocString.OLEAUT32(00000000), ref: 0058246F
• _com_issue_error.COMSUPP ref: 00582498
• _com_issue_error.COMSUPP ref: 005824A2
• GetLastError.KERNEL32(80070057,6033248F,00000001,00000000,00000000,?,0056CD87,?,00000004,0056CEA9,ROOT\CIMV2), ref: 005824A7
• _com_issue_error.COMSUPP ref: 005824BA
• GetLastError.KERNEL32(00000000,?,0056CD87,?,00000004,0056CEA9,ROOT\CIMV2), ref: 005824D0
• _com_issue_error.COMSUPP ref: 005824E3
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
• String ID:
• API String ID: 1353541977-0
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: __alldvrm$_strrchr
• String ID: =zX$=zX$=zX
• API String ID: 1036877536-88687947
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

APIs
• _ValidateLocalCookies.LIBCMT ref: 00584F57
• ___except_validate_context_record.LIBVCRUNTIME ref: 00584F5F
• _ValidateLocalCookies.LIBCMT ref: 00584FE8
• __IsNonwritableInCurrentImage.LIBCMT ref: 00585013
• _ValidateLocalCookies.LIBCMT ref: 00585068
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: MX$csm
• API String ID: 1170836740-3008780516
• Opcode ID: e942994cc0a29fef7135e9ed69ec74520666df117a6e5b89ec02c51f88624079
• Instruction ID: 56ed7c85567c82d0bed0cada78ae97cbda4bb40331eef03308bf9726ee356022
• Opcode Fuzzy Hash: e942994cc0a29fef7135e9ed69ec74520666df117a6e5b89ec02c51f88624079
• Instruction Fuzzy Hash: 6D418134A0021ADFCF10EF68C889A9EBFB5BF45314F14815AED15AB392DB319A15CF91
Uniqueness
Uniqueness Score: -1.00%

APIs
• __aulldiv.LIBCMT ref: 0057331D
  • Part of subcall function 0056D076: GetVersionExW.KERNEL32(?), ref: 0056D0A7
• FileTimeToLocalFileTime.KERNEL32(000000FF,?,?,000000FF,00000064,00000000,?,00000000), ref: 00573340
• FileTimeToSystemTime.KERNEL32(000000FF,?,?,000000FF,00000064,00000000,?,00000000), ref: 00573352
• SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00573363
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00573373
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00573383
• FileTimeToSystemTime.KERNEL32(?,?,?), ref: 005733BE
• __aullrem.LIBCMT ref: 00573464
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
• String ID:
• API String ID: 1247370737-0
• Opcode ID: 62983f254620eb9d5706021a16de5be690c3452ef1d006190345af67f63a7e1d
• Instruction ID: d827d1ed2f0a802da9b67c93d1d596208c9e0cdff78aae376f3e95cecb587304
• Opcode Fuzzy Hash: 62983f254620eb9d5706021a16de5be690c3452ef1d006190345af67f63a7e1d
• Instruction Fuzzy Hash: 785137B1508305AFC714DF65D88496BBBE9FB88714F00892EF59AC2210E734EA49EB52
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: _wcslen
• String ID: </p>$</style>$<br>$<style>$>
• API String ID: 176396367-3568243669
• Opcode ID: 831ee9133f374d0ba57b7432a3eede6690419b07d3fbf4985ddce2ee8efa7fd3
• Instruction ID: 6be89e80621efeb15a6fadaf9836b2ef3455cdc05610aa828b9b8e08df00ac8a
• Opcode Fuzzy Hash: 831ee9133f374d0ba57b7432a3eede6690419b07d3fbf4985ddce2ee8efa7fd3
• Instruction Fuzzy Hash: E4510A5664032756FB306A1978127B67BD5FFA4790F68C42BFDC8CB2C0FB548D41A251
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetLongPathNameW.KERNEL32(?,?,00000800), ref: 0056AD2B
• GetShortPathNameW.KERNEL32(?,?,00000800), ref: 0056AD4A
  • Part of subcall function 0056E208: _wcslen.LIBCMT ref: 0056E210
  • Part of subcall function 00574168: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,000000FF,0056E084,00000000,.exe,?,?,00000800,?,?,?,0057AD5D), ref: 0057417E
• _swprintf.LIBCMT ref: 0056ADEC
  • Part of subcall function 00564C00: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00564C13
• MoveFileW.KERNEL32(?,?), ref: 0056AE5E
• MoveFileW.KERNEL32(?,?), ref: 0056AE9E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: FileMoveNamePath$CompareLongShortString__vswprintf_c_l_swprintf_wcslen
• String ID: rtmp%d
• API String ID: 2133196417-3303766350
• Opcode ID: 3757cd97c14a8f024213674ac7f585dba279df094593ccc7ce3fbc000504e8e5
• Instruction ID: 710069d29049aeacaee6f14f70cb6f6680532730688930467ca26615a85c6738
• Opcode Fuzzy Hash: 3757cd97c14a8f024213674ac7f585dba279df094593ccc7ce3fbc000504e8e5
• Instruction Fuzzy Hash: 41516275900659A6DF20EB60CC89EEF7BBCBF45340F0408A5B556E3141EB359E88DF61
Uniqueness
Uniqueness Score: -1.00%

APIs
• ShowWindow.USER32(?,00000000), ref: 0057BE8A
• GetWindowRect.USER32(?,?), ref: 0057BED1
• ShowWindow.USER32(?,00000005,00000000), ref: 0057BF6C
• SetWindowTextW.USER32(?,00000000), ref: 0057BF74
• ShowWindow.USER32(00000000,00000005), ref: 0057BF8A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: Window$Show$RectText
• String ID: RarHtmlClassName
• API String ID: 3937224194-1658105358
• Opcode ID: e7adda6909da843f0602fd2a6b40a80ad2b311efafdcb15f4228260a2df25c00
• Instruction ID: 2e643a4626e8ec13684e687e5cb349cf8efea8aa3b1afe3a11cef4a6a0315560
• Opcode Fuzzy Hash: e7adda6909da843f0602fd2a6b40a80ad2b311efafdcb15f4228260a2df25c00
• Instruction Fuzzy Hash: 4A419B72508205AFDB109F64AC48B6B7FACFB9C700F198559F949AA252DB30D804DFA1
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: _wcslen
• String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
• API String ID: 176396367-3743748572
• Opcode ID: 80ef542f4051fe05b07eae00beb4dc3dece206d03c3878ffc172a0fa958f939c
• Instruction ID: a6b831ab17062d775b9e8e4d949275ceb9adf5bea0cf1866c69f558d81d29a70
• Opcode Fuzzy Hash: 80ef542f4051fe05b07eae00beb4dc3dece206d03c3878ffc172a0fa958f939c
• Instruction Fuzzy Hash: 2231302264430656FA34BB54BC42B77BBB4FB90350F50842FFBA9A72C0FB51AD445391
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0058EEB8: _free.LIBCMT ref: 0058EEE1
• _free.LIBCMT ref: 0058EF42
  • Part of subcall function 0058BAFA: RtlFreeHeap.NTDLL(00000000,00000000,?,0058EEE6,?,00000000,?,00000000,?,0058EF0D,?,00000007,?,?,0058F30A,?), ref: 0058BB10
  • Part of subcall function 0058BAFA: GetLastError.KERNEL32(?,?,0058EEE6,?,00000000,?,00000000,?,0058EF0D,?,00000007,?,?,0058F30A,?,?), ref: 0058BB22
• _free.LIBCMT ref: 0058EF4D
• _free.LIBCMT ref: 0058EF58
• _free.LIBCMT ref: 0058EFAC
• _free.LIBCMT ref: 0058EFB7
• _free.LIBCMT ref: 0058EFC2
• _free.LIBCMT ref: 0058EFCD
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: ed90a822092467ab948ce4ab8a4e5ff1fef504289117e408d2aed02f462530fb
• Instruction ID: 5425b3b305ed0f069a44a0f7262080300cad64c4e230e13d9ff952cf8dfb8819
• Opcode Fuzzy Hash: ed90a822092467ab948ce4ab8a4e5ff1fef504289117e408d2aed02f462530fb
• Instruction Fuzzy Hash: 5B11EA72940B06AAF520F7B1CC0BFCB7FBC7F84700F404815FA9A76292DA75A5094754
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetCurrentProcess.KERNEL32(00000020,?), ref: 00568CB2
• GetLastError.KERNEL32 ref: 00568CF6
• CloseHandle.KERNEL32(?), ref: 00568D05
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: CloseCurrentErrorHandleLastProcess
• String ID: @X$JX$^X
• API String ID: 1009092642-3346770594
• Opcode ID: e23b65d5095cbbf173ea760c2bd099255e477212facf80488fb48ca81d45fb12
• Instruction ID: d49b41d9505164b2398631959013ee600a2840deae402cee5dfabbfecf5ff1cf
• Opcode Fuzzy Hash: e23b65d5095cbbf173ea760c2bd099255e477212facf80488fb48ca81d45fb12
• Instruction Fuzzy Hash: D301ADB1601219AFDB109FA5DD8EEBFBBBCFB19344F404419A501E3190DA719D49EB70
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00580B46,00580AA9,00580D4A), ref: 00580AE2
• GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00580AF8
• GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00580B0D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AddressProc$HandleModule
• String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
• API String ID: 667068680-1718035505
• Opcode ID: b255fecefefe064ba6e6c59667973f2bfa167f8552b8f8427e2d680ae8fbbc90
• Instruction ID: c33ead2df07b27e8a84332fd40913905da98ce20d0fc9663869a8bc24bedb00e
• Opcode Fuzzy Hash: b255fecefefe064ba6e6c59667973f2bfa167f8552b8f8427e2d680ae8fbbc90
• Instruction Fuzzy Hash: 4AF0A4313517215B4BA0BFE45C8997F2EC8BA22356332183A9D42E21C0EA50DC8DA3E0
Uniqueness
• Uniqueness Score: -1.00%

APIs
• _wcslen.LIBCMT ref: 00574192
• _wcslen.LIBCMT ref: 005741A3
• _wcslen.LIBCMT ref: 005741B3
• _wcslen.LIBCMT ref: 005741C1
• CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,0056D2D3,?,?,00000000,?,?,?), ref: 005741DC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: _wcslen$CompareString
• String ID: <
• API String ID: 3397213944-4251816714
• Opcode ID: ddce76968428e9b66df834b98349ee3cf2b5c077efdcbf2b98b564750eaac428
• Instruction ID: 32441c7d995e759ec2c1d5bd7e46059fd4ef4acb25b9c3dc6bfd34d72cc9b40b
• Opcode Fuzzy Hash: ddce76968428e9b66df834b98349ee3cf2b5c077efdcbf2b98b564750eaac428
• Instruction Fuzzy Hash: 01F01732148169BFCF122F51EC4DD8E3F26FB90770B61C41AFA196A061CB329995EBD0
Uniqueness
• Uniqueness Score: -1.00%

APIs
• _free.LIBCMT ref: 0058B17E
  • Part of subcall function 0058BAFA: RtlFreeHeap.NTDLL(00000000,00000000,?,0058EEE6,?,00000000,?,00000000,?,0058EF0D,?,00000007,?,?,0058F30A,?), ref: 0058BB10
  • Part of subcall function 0058BAFA: GetLastError.KERNEL32(?,?,0058EEE6,?,00000000,?,00000000,?,0058EF0D,?,00000007,?,?,0058F30A,?,?), ref: 0058BB22
• _free.LIBCMT ref: 0058B190
• _free.LIBCMT ref: 0058B1A3
• _free.LIBCMT ref: 0058B1B4
• _free.LIBCMT ref: 0058B1C5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID: p,Z
• API String ID: 776569668-423584262
• Opcode ID: 063a7ae002f0014924a8954f939d9c0dffa25f9b0553225a2d248bdf78eb67f5
• Instruction ID: a2fc92445fcfcb0e9caa062f103d85566639bb2b021f35cd64ae7cb4fed2244f
• Opcode Fuzzy Hash: 063a7ae002f0014924a8954f939d9c0dffa25f9b0553225a2d248bdf78eb67f5
• Instruction Fuzzy Hash: C9F01774800A21AFAA05BB19EC168987FA9F765724700460AF81666360CBB20A49EF90
Uniqueness
• Uniqueness Score: -1.00%

APIs
• SystemTimeToFileTime.KERNEL32(?,?,?,?), ref: 005735E6
  • Part of subcall function 0056D076: GetVersionExW.KERNEL32(?), ref: 0056D0A7
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0057360A
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00573624
• TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00573637
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00573647
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00573657
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: Time$File$System$Local$SpecificVersion
• String ID:
• API String ID: 2092733347-0
• Opcode ID: 0326e578180c7742fee8046a537b5396e0da85c8f781476d8669e73c160f867d
• Instruction ID: c5989b902745ab762f2af6afb345e3586c403928fb7649a469c2e873a6dcb4b0
• Opcode Fuzzy Hash: 0326e578180c7742fee8046a537b5396e0da85c8f781476d8669e73c160f867d
• Instruction Fuzzy Hash: 124129761083059BCB04DFA8D88499BBBE8FF98714F04891EF999C7210E730D909DBA6
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(?,?,00585111,00584ECC,005821B4), ref: 00585128
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00585136
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0058514F
• SetLastError.KERNEL32(00000000,00585111,00584ECC,005821B4), ref: 005851A1
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: aba6599c954e8293f783be45247860cbe6de04f989c09c62f42eb318eda09c24
• Instruction ID: 433d219eed93270c31302bf98e116f3d7cb243ce8488b9611007328ef7258c35
• Opcode Fuzzy Hash: aba6599c954e8293f783be45247860cbe6de04f989c09c62f42eb318eda09c24
• Instruction Fuzzy Hash: 3D01F136208B126EE72136B8BC8E7362E44FBA2771BA0022AFC10A65E0FF510C14E750
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(?,005A50C4,00586E12,005A50C4,?,?,0058688D,?,?,005A50C4), ref: 0058B9A9
• _free.LIBCMT ref: 0058B9DC
• _free.LIBCMT ref: 0058BA04
• SetLastError.KERNEL32(00000000,?,005A50C4), ref: 0058BA11
• SetLastError.KERNEL32(00000000,?,005A50C4), ref: 0058BA1D
• _abort.LIBCMT ref: 0058BA23
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: a9ddc7d0e82f92d5074110b5f782895b27a6a5a2b88828952cac9eeba339ad38
• Instruction ID: 081da660c33dd1181447a907cc685e1292eb49ec583cf035273c6e595e1e764d
• Opcode Fuzzy Hash: a9ddc7d0e82f92d5074110b5f782895b27a6a5a2b88828952cac9eeba339ad38
• Instruction Fuzzy Hash: BAF0F4361045026BE6197329AC4FB6B2E6DFFD1770F210015FE16B2292FF618C0A9324
Uniqueness
• Uniqueness Score: -1.00%

APIs
• WaitForSingleObject.KERNEL32(?,0000000A), ref: 00580059
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00580073
• GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00580084
• TranslateMessage.USER32(?), ref: 0058008E
• DispatchMessageW.USER32(?), ref: 00580098
• WaitForSingleObject.KERNEL32(?,0000000A), ref: 005800A3
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: Message$ObjectSingleWait$DispatchPeekTranslate
• String ID:
• API String ID: 2148572870-0
• Opcode ID: 61a174ebb3feb8309556404942650ff89bd34db16f821ce99c867b5130e06cc1
• Instruction ID: bd1c30b266b8a866e2e20208392f59bc967e462c78ef1e8067b6a353e988abef
• Opcode Fuzzy Hash: 61a174ebb3feb8309556404942650ff89bd34db16f821ce99c867b5130e06cc1
• Instruction Fuzzy Hash: 8CF03C72A0122DABCB206BA1EC4DECF7E6DEF56751B008011B90AE2050D634C549DBA0
Uniqueness
• Uniqueness Score: -1.00%

APIs
• EndDialog.USER32(?,00000001), ref: 0057D57B
• GetDlgItemTextW.USER32(?,00000066,00001000,00000200), ref: 0057D591
• SetDlgItemTextW.USER32(?,00000067,?), ref: 0057D5B9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: ItemText$Dialog
• String ID: GETPASSWORD1$Software\WinRAR SFX
• API String ID: 1770891597-1315819833
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00572663: _wcslen.LIBCMT ref: 00572669
  • Part of subcall function 0056D848: _wcsrchr.LIBVCRUNTIME ref: 0056D85F
• _wcslen.LIBCMT ref: 0056E105
• _wcslen.LIBCMT ref: 0056E14D
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: _wcslen$_wcsrchr
• String ID: .exe$.rar$.sfx
• API String ID: 3513545583-31770016
Uniqueness
Uniqueness Score: -1.00%

APIs
• _wcslen.LIBCMT ref: 0056DA59
• GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,0056BD19,?,?,00000800,?,?,?,0056BCD4), ref: 0056DB02
• _wcslen.LIBCMT ref: 0056DB70
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: _wcslen$CurrentDirectory
• String ID: UNC$\\?\
• API String ID: 3341907918-253988292
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: _wcslen
• String ID: %X
• API String ID: 176396367-1974812566
Uniqueness
Uniqueness Score: -1.00%

APIs
• LoadBitmapW.USER32(00000065), ref: 0057D9ED
• GetObjectW.GDI32(00000000,00000018,?), ref: 0057DA12
• DeleteObject.GDI32(00000000), ref: 0057DA44
• DeleteObject.GDI32(00000000), ref: 0057DA67
  • Part of subcall function 0057C652: FindResourceW.KERNELBASE(?,PNG,00000000,?,?,?,0057DA3D,00000066), ref: 0057C665
  • Part of subcall function 0057C652: SizeofResource.KERNEL32(00000000,?,?,?,0057DA3D,00000066), ref: 0057C67C
  • Part of subcall function 0057C652: LoadResource.KERNEL32(00000000,?,?,?,0057DA3D,00000066), ref: 0057C693
  • Part of subcall function 0057C652: LockResource.KERNEL32(00000000,?,?,?,0057DA3D,00000066), ref: 0057C6A2
  • Part of subcall function 0057C652: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0057DA3D,00000066), ref: 0057C6BD
  • Part of subcall function 0057C652: GlobalLock.KERNEL32(00000000,?,?,?,?,?,0057DA3D,00000066), ref: 0057C6CE
  • Part of subcall function 0057C652: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0057C737
  • Part of subcall function 0057C652: GlobalUnlock.KERNEL32(00000000), ref: 0057C756
  • Part of subcall function 0057C652: GlobalFree.KERNEL32(00000000), ref: 0057C75D
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: GlobalResource$Object$BitmapDeleteLoadLock$AllocCreateFindFreeFromGdipSizeofUnlock
• String ID: ]
• API String ID: 1428510222-3352871620
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00561366: GetDlgItem.USER32(00000000,00003021), ref: 005613AA
  • Part of subcall function 00561366: SetWindowTextW.USER32(00000000,005965F4), ref: 005613C0
• EndDialog.USER32(?,00000001), ref: 0057F99B
• GetDlgItemTextW.USER32(?,00000068,00000800), ref: 0057F9B1
• SetDlgItemTextW.USER32(?,00000066,?), ref: 0057F9C5
• SetDlgItemTextW.USER32(?,00000068), ref: 0057F9D4
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: ItemText$DialogWindow
• String ID: RENAMEDLG
• API String ID: 445417207-3299779563
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0058A676,?,?,0058A616,?,0059F7B0,0000000C,0058A76D,?,00000002), ref: 0058A6E5
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0058A6F8
• FreeLibrary.KERNEL32(00000000,?,?,?,0058A676,?,?,0058A616,?,0059F7B0,0000000C,0058A76D,?,00000002,00000000), ref: 0058A71B
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00570244: _swprintf.LIBCMT ref: 00570284
  • Part of subcall function 00570244: _strlen.LIBCMT ref: 005702A5
  • Part of subcall function 00570244: SetDlgItemTextW.USER32(?,005A2274,?), ref: 005702FE
  • Part of subcall function 00570244: GetWindowRect.USER32(?,?), ref: 00570334
  • Part of subcall function 00570244: GetClientRect.USER32(?,?), ref: 00570340
• GetDlgItem.USER32(00000000,00003021), ref: 005613AA
• SetWindowTextW.USER32(00000000,005965F4), ref: 005613C0
Strings
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                                • String ID: 0$pPZ$pPZ
                                                                                                • API String ID: 2622349952-1843725025
                                                                                                • Opcode ID: 0786abbfcc6c2de86f940d818735d00147e5917743f8d8a20f5e2125d8639a7a
                                                                                                • Instruction ID: d9553696f1c4a8b1e5f94d228c548e516e23c9da092e360438a11de760aed91a
                                                                                                • Opcode Fuzzy Hash: 0786abbfcc6c2de86f940d818735d00147e5917743f8d8a20f5e2125d8639a7a
                                                                                                • Instruction Fuzzy Hash: 2CF08C30604A4CAADF150F22DC0DBB93FA8FB15394F088914FC4A52AA2DBB4C994EF54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

APIs
  • Part of subcall function 005728AB: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 005728D4
  • Part of subcall function 005728AB: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00571309,Crypt32.dll,00000000,00571383,00000200,?,00571366,00000000,00000000,?), ref: 005728F4
• GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00571315
• GetProcAddress.KERNEL32(005AC1F0,CryptUnprotectMemory), ref: 00571325
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AddressProc$DirectoryLibraryLoadSystem
• String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
• API String ID: 2141747552-1753850145
• Opcode ID: ab684ddd9663139547964f352063d47005c11714145e5885a3a4504954c7acad
• Instruction ID: 3750b43dbec3b45e268a5f3c73ec1a1654aad2f033a91d622b9f7150573e2d9e
• Instruction Fuzzy Hash: 07E08670A40B019EDB205F38A94DB427EE4BF24700F04CC1DE0D997640D6B5D4489B50
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AdjustPointer$_abort
• String ID:
• API String ID: 2252061734-0
• Opcode ID: 3d3bf63d7dfd961246a75dcc9d1da9dec9363fb7f2ff7e997dc42410e538abf1
• Instruction ID: 8ac1ee2191ad3d3b5d709df7a86f61e0253e983d4ca8ab33a1c79f016b7f67ef
• Instruction Fuzzy Hash: 3851D275601A069FDB25AF54D845BAABFA4FF84350F14482DED06B7291FB71AC40CB90
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetEnvironmentStringsW.KERNEL32 ref: 0058E589
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0058E5AC
  • Part of subcall function 0058BC8E: RtlAllocateHeap.NTDLL(00000000,?,?,?,00586A24,?,0000015D,?,?,?,?,00587F00,000000FF,00000000,?,?), ref: 0058BCC0
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0058E5D2
• _free.LIBCMT ref: 0058E5E5
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0058E5F4
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: 3865ce7217cc42d4e6b38125a7ce4214d5630049d24dcfaa048d7aad56151ddc
• Instruction ID: 96f38f5720055f88b8c655a965df581b31897c3057c5511f209f80e5eb305137
• Instruction Fuzzy Hash: 0E01B1726012127F273166765C8EC7F6E7DFEC2BA8315012ABC05E2205EE608D05E3B0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(?,?,?,0058BC80,0058D7D8,?,0058B9D3,00000001,00000364,?,0058688D,?,?,005A50C4), ref: 0058BA2E
• _free.LIBCMT ref: 0058BA63
• _free.LIBCMT ref: 0058BA8A
• SetLastError.KERNEL32(00000000,?,005A50C4), ref: 0058BA97
• SetLastError.KERNEL32(00000000,?,005A50C4), ref: 0058BAA0
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: d60a5027c81516c5a824726034b77b93d965dabb97114e03a49084764258492d
• Instruction ID: c70195bdec3681ebcad1ed3ae284f493be04027885bb08ed14f025acaeff4ad3
• Instruction Fuzzy Hash: 7E01F936204602ABA21DB7385C8EE6B3E6EFFD13717210425FD25B2291EF618D09A320
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 005732AF: ResetEvent.KERNEL32(?), ref: 005732C1
  • Part of subcall function 005732AF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 005732D5
• ReleaseSemaphore.KERNEL32(?,00000040,00000000,6033248F,?,?,00000001,?,005952FF,000000FF,?,005743C0,?,00000000,?,00564766), ref: 00573007
• CloseHandle.KERNEL32(?,?,?,005743C0,?,00000000,?,00564766,?,?,?,00000000,?,?,?,00000001), ref: 00573021
• DeleteCriticalSection.KERNEL32(?,?,005743C0,?,00000000,?,00564766,?,?,?,00000000,?,?,?,00000001,?), ref: 0057303A
• CloseHandle.KERNEL32(?,?,005743C0,?,00000000,?,00564766,?,?,?,00000000,?,?,?,00000001,?), ref: 00573046
• CloseHandle.KERNEL32(?,?,005743C0,?,00000000,?,00564766,?,?,?,00000000,?,?,?,00000001,?), ref: 00573052
  • Part of subcall function 005730CA: WaitForSingleObject.KERNEL32(?,000000FF,005731E7,?,?,0057325F,?,?,?,?,?,00573249), ref: 005730D0
  • Part of subcall function 005730CA: GetLastError.KERNEL32(?,?,0057325F,?,?,?,?,?,00573249), ref: 005730DC
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
• String ID:
• API String ID: 1868215902-0
• Opcode ID: f1af91f800d4cf80ce140cad5ba176632746bbb2b510b755f2665cefed3e706c
• Instruction ID: 4b99d2798ecf125aa0706e0f135b401ffedc4de2ee29f19c2da4da9fa15fbaa5
• Instruction Fuzzy Hash: 61118076500744EFC7229F64ED89BC6BBA9FB18710F01492AF16B92160CB75AA48EB50
Uniqueness

Uniqueness Score: -1.00%

APIs
• _free.LIBCMT ref: 0058EE67
  • Part of subcall function 0058BAFA: RtlFreeHeap.NTDLL(00000000,00000000,?,0058EEE6,?,00000000,?,00000000,?,0058EF0D,?,00000007,?,?,0058F30A,?), ref: 0058BB10
  • Part of subcall function 0058BAFA: GetLastError.KERNEL32(?,?,0058EEE6,?,00000000,?,00000000,?,0058EF0D,?,00000007,?,?,0058F30A,?,?), ref: 0058BB22
• _free.LIBCMT ref: 0058EE79
• _free.LIBCMT ref: 0058EE8B
• _free.LIBCMT ref: 0058EE9D
• _free.LIBCMT ref: 0058EEAF
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: f6d69ea79ec7f54b1e6b6362022cfe4137f09ca91aad5a64f6ca1c5a15b9444b
• Instruction ID: d20013bd75b74d465fa6d456e2f9ebb106a3ce442d7f46101c8ebba043a500c5
• Instruction Fuzzy Hash: 8CF0EC32504204AF9664FB6DF887C9A7BFEBB51711B540805F849F7650CB70FC848B60
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0057C629: GetDC.USER32(00000000), ref: 0057C62D
  • Part of subcall function 0057C629: GetDeviceCaps.GDI32(00000000,0000000C), ref: 0057C638
  • Part of subcall function 0057C629: ReleaseDC.USER32(00000000,00000000), ref: 0057C643
• GetObjectW.GDI32(?,00000018,?), ref: 0057C7E0
  • Part of subcall function 0057CA67: GetDC.USER32(00000000), ref: 0057CA70
  • Part of subcall function 0057CA67: GetObjectW.GDI32(?,00000018,?), ref: 0057CA9F
  • Part of subcall function 0057CA67: ReleaseDC.USER32(00000000,?), ref: 0057CB37
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: ObjectRelease$CapsDevice
• String ID: ($fX
• API String ID: 1061551593-3418762607
• Opcode ID: 9279785608e1acf93d0db1021fbdca5afca004ee483468651dac195c190f9e4a
• Instruction ID: 6fcad609f22702b72ee5eda906b39167d6bb84500675329952863287c9a090ae
• Instruction Fuzzy Hash: B991F3756083559FDA10DF29D848D2BBBE8FFD9B00F04495EF48AD3260CB70A909DB62
Uniqueness

Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: _swprintf
                                                                                                • String ID: %ls$%s: %s
                                                                                                • API String ID: 589789837-2259941744
                                                                                                • Opcode ID: c7141d8b041830fce5ebd27ec70b041df649cf3b951f1cd650750d5b8e879585
                                                                                                • Instruction ID: f60035a8c1f9384db22e33deca3cee9aa331b62cf14bd59a62bc90fd5e97a56c
                                                                                                • Opcode Fuzzy Hash: c7141d8b041830fce5ebd27ec70b041df649cf3b951f1cd650750d5b8e879585
                                                                                                • Instruction Fuzzy Hash: C851F7B5248305FAFB255B94BD4BF257FA9FB09F20F10C906B38E640E1D6A257407E16
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\qdHMT36Tn9.exe,00000104), ref: 0058A800
                                                                                                • _free.LIBCMT ref: 0058A8CB
                                                                                                • _free.LIBCMT ref: 0058A8D5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: _free$FileModuleName
                                                                                                • String ID: C:\Users\user\Desktop\qdHMT36Tn9.exe
                                                                                                • API String ID: 2506810119-1453164745
                                                                                                • Opcode ID: 478a2f860074f8e95ac937595e73dc0fb46946e557f4e8263836d273711d2702
                                                                                                • Instruction ID: 0d36701a6ac2428aa93df9faacef26e56ce0baa1b5b5562b3b84d7ec7f4e04d4
                                                                                                • Opcode Fuzzy Hash: 478a2f860074f8e95ac937595e73dc0fb46946e557f4e8263836d273711d2702
                                                                                                • Instruction Fuzzy Hash: C8318F71A00619EFEB25EB99D885DAEBFFCFB85710B104067ED04B7201D6704E45DBA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0058581B
                                                                                                • _abort.LIBCMT ref: 00585926
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: EncodePointer_abort
                                                                                                • String ID: MOC$RCC
                                                                                                • API String ID: 948111806-2084237596
                                                                                                • Opcode ID: 623d93b0c015a14a0449ec7ec8547b353ef8921e8387b5a3c9a4b6f0cb1f656b
                                                                                                • Instruction ID: aff1811d35b534d91d9d5dbd5a2d72a0997b53a00c22e8cdef86d90aa4738a89
                                                                                                • Opcode Fuzzy Hash: 623d93b0c015a14a0449ec7ec8547b353ef8921e8387b5a3c9a4b6f0cb1f656b
                                                                                                • Instruction Fuzzy Hash: B341157290060AEFCF16EF94C885AAEBFB5FF48314F288059FD14B6221E2359950DF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • __fprintf_l.LIBCMT ref: 0056F82D
                                                                                                • _strncpy.LIBCMT ref: 0056F871
                                                                                                  • Part of subcall function 00573F47: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0056F801,00000000,00000000,?,005A5070,?,0056F801,?,?,00000050,?), ref: 00573F64
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                                                • String ID: $%s$@%s
                                                                                                • API String ID: 562999700-834177443
                                                                                                • Opcode ID: 4e126fa3e540fe2f81202ea875767537ce8f502ccaa105b37880381e1035f7ce
                                                                                                • Instruction ID: d74d963c86076f9a8eaeb4b5188e01508bcd112e8b123c19cf48df646beda669
                                                                                                • Opcode Fuzzy Hash: 4e126fa3e540fe2f81202ea875767537ce8f502ccaa105b37880381e1035f7ce
                                                                                                • Instruction Fuzzy Hash: DF219072900309ABDB20DFA4EC46BAE7BA8FB15300F04056AF925A3191E771EA099B50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                  • Part of subcall function 00561366: GetDlgItem.USER32(00000000,00003021), ref: 005613AA
                                                                                                  • Part of subcall function 00561366: SetWindowTextW.USER32(00000000,005965F4), ref: 005613C0
                                                                                                • EndDialog.USER32(?,00000001), ref: 0057CE28
                                                                                                • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 0057CE3D
                                                                                                • SetDlgItemTextW.USER32(?,00000066,?), ref: 0057CE52
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: ItemText$DialogWindow
                                                                                                • String ID: ASKNEXTVOL
                                                                                                • API String ID: 445417207-3402441367
                                                                                                • Opcode ID: 31254f5f92e970c2258bfe402e19e0ea4100975a8e98d752a610568ff7118124
                                                                                                • Instruction ID: 94866342553c3a4d21235d958a5d72046459d7107a7eed8d37bb3a7e91e29b15
                                                                                                • Opcode Fuzzy Hash: 31254f5f92e970c2258bfe402e19e0ea4100975a8e98d752a610568ff7118124
                                                                                                • Instruction Fuzzy Hash: 1F11E932244A05AFD7229FA8FC09F763F6DFB5AB00F044418FA45A71A4C761AD05FB65
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,0056CAA0,00000008,00000004,0056F1F0,?,00000000), ref: 00572F61
                                                                                                • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,0056CAA0,00000008,00000004,0056F1F0,?,00000000), ref: 00572F6B
                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,0056CAA0,00000008,00000004,0056F1F0,?,00000000), ref: 00572F7B
                                                                                                Strings
                                                                                                • Thread pool initialization failed., xrefs: 00572F93
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                • String ID: Thread pool initialization failed.
                                                                                                • API String ID: 3340455307-2182114853
                                                                                                • Opcode ID: bda8e5cfb4f22c1438a585e3ed9926dd31a9f8fefe5221339cf59d93111ca537
                                                                                                • Instruction ID: 66cd8e5e1de0e8c3bee4eadd5055cf4570c3439821aa1f59af9ae3b7821230d7
                                                                                                • Opcode Fuzzy Hash: bda8e5cfb4f22c1438a585e3ed9926dd31a9f8fefe5221339cf59d93111ca537
                                                                                                • Instruction Fuzzy Hash: C4114FB1604709AFC3215F6A9CC9AA7FFECFBA9744F10482EF1DAC3200E67159449B60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                • API String ID: 0-56093855
                                                                                                • Opcode ID: 858133bffaae28796961929b26575cef3cec8b76a6c4ab690b313c81f24bf53f
                                                                                                • Instruction ID: 80a8cf873b880af07b5a6aad7037ef6b58a665ce6706e569672fdf93de7bb897
                                                                                                • Opcode Fuzzy Hash: 858133bffaae28796961929b26575cef3cec8b76a6c4ab690b313c81f24bf53f
                                                                                                • Instruction Fuzzy Hash: 0F019E31604608AFDB51AF24EC48E763FE4BB2A761F000425F905E32B0D261885CEBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00564B42
                                                                                                  • Part of subcall function 0058106D: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00581079
                                                                                                  • Part of subcall function 0058106D: ___delayLoadHelper2@8.DELAYIMP ref: 0058109F
                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00564B4D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xinvalid_argumentstd::_$Helper2@8Load___delaystd::invalid_argument::invalid_argument
                                                                                                • String ID: string too long$vector too long
                                                                                                • API String ID: 2355824318-1617939282
                                                                                                • Opcode ID: 150ff9bede4eb9369177b0874e532bdf07c5a5469b11a66c9752416fd6037e32
                                                                                                • Instruction ID: f521e4802b648c39f12e43f3a2ab9edab802cc977283100e081436b8445541cc
                                                                                                • Opcode Fuzzy Hash: 150ff9bede4eb9369177b0874e532bdf07c5a5469b11a66c9752416fd6037e32
                                                                                                • Instruction Fuzzy Hash: FAF08C31200708AB8E34AE59DC4984ABBADFBC5B60B10091AEA8593611C3B0E9448BB5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

APIs
• CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,?,?,00569343,?,?,?), ref: 0056C1EE
• CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,?,00569343,?,?), ref: 0056C22C
• SetFileTime.KERNEL32(00000800,?,?,00000000,?,?,?,00569343,?,?,?,?,?,?,?,?), ref: 0056C2AF
• CloseHandle.KERNEL32(00000800,?,?,?,00569343,?,?,?,?,?,?,?,?,?,?), ref: 0056C2B6
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: File$Create$CloseHandleTime
• String ID:
• API String ID: 2287278272-0
• Opcode ID: 884908e2a333f303a3af1846893df2256657906275f7e5aae97f23b7973896c4
• Instruction ID: fa44c5c8c8815e0ae00416c864e74d3472df44fa46459b7e289d22c5081e852b
• Opcode Fuzzy Hash: 884908e2a333f303a3af1846893df2256657906275f7e5aae97f23b7973896c4
• Instruction Fuzzy Hash: DB41D2302483829EE320DB64DC59BBBBFE8BB99710F04091DB5D5D7181D674AA4CD752
Uniqueness
• Uniqueness Score: -1.00%

APIs
• _wcslen.LIBCMT ref: 0056BD93
• _wcslen.LIBCMT ref: 0056BDB6
• _wcslen.LIBCMT ref: 0056BE4C
• _wcslen.LIBCMT ref: 0056BEB1
  • Part of subcall function 0056C37A: FindClose.KERNELBASE(00000000,000000FF,?,?,?,?,005687BC,?,?,00000000,0000003A,?,0000003A,00000802), ref: 0056C3A5
  • Part of subcall function 0056BBFF: RemoveDirectoryW.KERNEL32(00000001,?,00000001,00000000), ref: 0056BC1C
  • Part of subcall function 0056BBFF: RemoveDirectoryW.KERNEL32(?,00000001,?,00000800), ref: 0056BC48
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: _wcslen$DirectoryRemove$CloseFind
• String ID:
• API String ID: 973666142-0
• Opcode ID: bb330f41f9fcfafb6ebd45450e568b3dfa6ddc24113f5480a8b832e2e7924d6f
• Instruction ID: dbbf97c634fed3504245a775d04e395120eda6ec02146d30dc09791fb960744d
• Opcode Fuzzy Hash: bb330f41f9fcfafb6ebd45450e568b3dfa6ddc24113f5480a8b832e2e7924d6f
• Instruction Fuzzy Hash: 3441C87250439596EB30AB6498499EBBBEDBFC4300F404C1AEA85D7142DB769DC8C7A1
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(?,00000000,00000800,?,?,6033248F,00000000,?,00000000), ref: 00568596
  • Part of subcall function 00568C95: GetCurrentProcess.KERNEL32(00000020,?), ref: 00568CB2
  • Part of subcall function 00568C95: GetLastError.KERNEL32 ref: 00568CF6
  • Part of subcall function 00568C95: CloseHandle.KERNEL32(?), ref: 00568D05
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: ErrorLast$CloseCurrentHandleProcess
• String ID: SeRestorePrivilege$SeSecurityPrivilege$TX
• API String ID: 1245819386-3103595474
• Opcode ID: fdf9b200bc414342052bfe7bbcd51e6f94f394de0bb4ffe4f954edf38de16343
• Instruction ID: 70db0dd2e54b2409b6dc93c1a2c99dd18b9c54e23de5f823a07f277b94514049
• Opcode Fuzzy Hash: fdf9b200bc414342052bfe7bbcd51e6f94f394de0bb4ffe4f954edf38de16343
• Instruction Fuzzy Hash: DC41B071A04249AFDF20EF649C49BFE7FB8FB59304F040159F906A7281DBB45E488B61
Uniqueness
• Uniqueness Score: -1.00%

APIs
• MultiByteToWideChar.KERNEL32(?,00000000,?,00586F64,00000000,00000000,00587F99,?,00587F99,?,00000001,00586F64,?,00000001,00587F99,00587F99), ref: 0058F025
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0058F0AE
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0058F0C0
• __freea.LIBCMT ref: 0058F0C9
  • Part of subcall function 0058BC8E: RtlAllocateHeap.NTDLL(00000000,?,?,?,00586A24,?,0000015D,?,?,?,?,00587F00,000000FF,00000000,?,?), ref: 0058BCC0
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
• Opcode ID: e3fd3bfd6db0e89d8cfdb02c266ca3ecf0f5fd504202992b6508bad7c6e4e87d
• Instruction ID: 47a752d5f975508d35aa5a5aae8e391f0acc9be9ba30ecf78356bdd44e9e87a9
• Opcode Fuzzy Hash: e3fd3bfd6db0e89d8cfdb02c266ca3ecf0f5fd504202992b6508bad7c6e4e87d
• Instruction Fuzzy Hash: EB31BD72A0020AAFDF24AF64DC49DAE7FA5FB48310B154229FC05A7292E735DD54DBA0
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetDC.USER32(00000000), ref: 0057C5F6
• GetDeviceCaps.GDI32(00000000,00000058), ref: 0057C605
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 0057C613
• ReleaseDC.USER32(00000000,00000000), ref: 0057C621
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: d7ea8b58e89bf0cb2b23b9b7ce7fa847352448b673d0d35121b03a7626ad6b4d
• Instruction ID: 361b27478afc679e216580fe63cd427bb4d97cb35bcd8c58bab264f3e795778e
• Opcode Fuzzy Hash: d7ea8b58e89bf0cb2b23b9b7ce7fa847352448b673d0d35121b03a7626ad6b4d
• Instruction Fuzzy Hash: 6DE0EC71989A68ABD7211B65BC1DF963F54EB2E713F044005FA05A6690CAB04808EFD4
Uniqueness
• Uniqueness Score: -1.00%
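
The two CreateFileW calls at 0056C1EE and 0056C22C in the listing above pass 40000000, 00000003, 00000003 and 02000000 in the access, share, disposition and flags slots and are followed by SetFileTime and CloseHandle; the GetDeviceCaps calls directly above pass index values 00000058 and 0000005A. The Python below is an added example for this report section, not code from the Joe Sandbox report or from the analysed sample: it parses listing lines of this shape, decodes those argument values with the constant names from the Windows SDK headers (fileapi.h, winnt.h, wingdi.h), and flags the CreateFileW-then-SetFileTime sequence within one function. The sample lines are copied from the two listings; the helper names and the result layout are this example's own.

```python
"""Decode Win32 argument values in Joe Sandbox API listings.

Added example for this report section: not part of the Joe Sandbox report or
of the analysed sample. Constant names and values come from the Windows SDK
headers (fileapi.h, winnt.h, wingdi.h); the sample lines are copied from the
function listings above. Helper names are this example's own.
"""
import re

# CreateFileW: dwDesiredAccess, dwShareMode, dwCreationDisposition, dwFlagsAndAttributes
GENERIC = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
           0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
SHARE = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
FILE_FLAGS = {0x80000000: "FILE_FLAG_WRITE_THROUGH", 0x40000000: "FILE_FLAG_OVERLAPPED",
              0x20000000: "FILE_FLAG_NO_BUFFERING", 0x10000000: "FILE_FLAG_RANDOM_ACCESS",
              0x08000000: "FILE_FLAG_SEQUENTIAL_SCAN", 0x04000000: "FILE_FLAG_DELETE_ON_CLOSE",
              0x02000000: "FILE_FLAG_BACKUP_SEMANTICS", 0x00200000: "FILE_FLAG_OPEN_REPARSE_POINT",
              0x00000080: "FILE_ATTRIBUTE_NORMAL"}
# GetDeviceCaps: nIndex
DEVICE_CAPS = {8: "HORZRES", 10: "VERTRES", 12: "BITSPIXEL", 88: "LOGPIXELSX", 90: "LOGPIXELSY"}

# One listing line: "API.MODULE(arg,arg,...), ref: ADDR"; the parentheses are
# absent for calls the sandbox logged without arguments ("_wcslen.LIBCMT ref: ...").
CALL_RE = re.compile(r"(?P<api>[A-Za-z_][\w:]*)\.(?P<mod>[A-Z0-9]+)"
                     r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")


def parse_call(line):
    """Parse one listing line into a dict; '?' slots become None."""
    m = CALL_RE.search(line)
    if m is None:
        return None
    args = []
    for tok in (m.group("args") or "").split(","):
        tok = tok.strip()
        if tok:
            args.append(int(tok, 16) if re.fullmatch(r"[0-9A-Fa-f]+", tok) else None)
    return {"api": m.group("api"), "module": m.group("mod"), "args": args,
            "ref": int(m.group("ref"), 16), "subcall": "subcall" in line}


def _bits(value, table):
    """Name each flag bit of value found in table; leftover bits are kept as hex."""
    names, rest = [], value
    for bit, name in table.items():
        if (value & bit) == bit:
            names.append(name)
            rest &= ~bit
    if rest:
        names.append(hex(rest))
    return names


def describe(call):
    """Decode the leading stack slots for the APIs this example understands.

    The sandbox prints more slots than the API takes (CreateFileW has seven
    parameters), so anything past the declared parameters is ignored.
    """
    a = call["args"]
    if call["api"] == "CreateFileW" and len(a) >= 6 and None not in a[1:6]:
        return {"access": _bits(a[1], GENERIC), "share": _bits(a[2], SHARE),
                "disposition": DISPOSITION.get(a[4], hex(a[4])),
                "flags": _bits(a[5], FILE_FLAGS)}
    if call["api"] == "GetDeviceCaps" and len(a) >= 2 and a[1] is not None:
        return {"index": DEVICE_CAPS.get(a[1], str(a[1]))}
    return {}


def find_timestamp_rewrite(lines):
    """Report CreateFileW calls in one function that are followed by SetFileTime.

    Opening an existing file for write and then rewriting its timestamps is
    what an archive extractor does to restore stored times and also what a
    timestomping routine does; the listing alone does not separate the two,
    so the result only describes the open and whether the handle is closed.
    """
    calls = sorted((c for c in map(parse_call, lines) if c and not c["subcall"]),
                   key=lambda c: c["ref"])
    hits = []
    for i, call in enumerate(calls):
        later = {c["api"] for c in calls[i + 1:]}
        if call["api"] == "CreateFileW" and "SetFileTime" in later:
            hits.append({"ref": f"{call['ref']:08X}", "closed": "CloseHandle" in later,
                         **describe(call)})
    return hits


# Lines copied from the listings above (functions at 0056C1EE and 0057C5F6).
FILE_LINES = [
    "• CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,?,?,00569343,?,?,?), ref: 0056C1EE",
    "• CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,?,00569343,?,?), ref: 0056C22C",
    "• SetFileTime.KERNEL32(00000800,?,?,00000000,?,?,?,00569343,?,?,?,?,?,?,?,?), ref: 0056C2AF",
    "• CloseHandle.KERNEL32(00000800,?,?,?,00569343,?,?,?,?,?,?,?,?,?,?), ref: 0056C2B6",
]
DEVICE_LINES = [
    "• GetDeviceCaps.GDI32(00000000,00000058), ref: 0057C605",
    "• GetDeviceCaps.GDI32(00000000,0000005A), ref: 0057C613",
]

if __name__ == "__main__":
    for hit in find_timestamp_rewrite(FILE_LINES):
        print(hit)
    for line in DEVICE_LINES:
        print(describe(parse_call(line)))
```

Run against the copied lines, both CreateFileW calls decode to GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, OPEN_EXISTING and FILE_FLAG_BACKUP_SEMANTICS with a SetFileTime and a CloseHandle later in the same function, and the two GetDeviceCaps indices decode to LOGPIXELSX and LOGPIXELSY, i.e. a DPI query rather than a screen-resolution query. The "Part of subcall" lines are parsed but excluded from the sequence check, since their order relative to the function's own calls is not given by the listing.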

APIs
• _free.LIBCMT ref: 0058D974
  • Part of subcall function 00586676: IsProcessorFeaturePresent.KERNEL32(00000017,00586648,00000000,0058B5F4,00000000,00000000,00000000,00000016,?,?,00586655,00000000,00000000,00000000,00000000,00000000), ref: 00586678
  • Part of subcall function 00586676: GetCurrentProcess.KERNEL32(C0000417,0058B5F4,00000000,?,00000003,0058BA28), ref: 0058669A
  • Part of subcall function 00586676: TerminateProcess.KERNEL32(00000000,?,00000003,0058BA28), ref: 005866A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: Process$CurrentFeaturePresentProcessorTerminate_free
• String ID: *?$.
• API String ID: 2667617558-3972193922
• Opcode ID: d880ea29d1525385f5bc4d26a230f40480b8b7b7c38aab8f8975374564cc868a
• Instruction ID: f4d822ebf9ed0023f455fb9ec60a256f318906d6aca64c8aa383a597f77bb1d3
• Opcode Fuzzy Hash: d880ea29d1525385f5bc4d26a230f40480b8b7b7c38aab8f8975374564cc868a
• Instruction Fuzzy Hash: 5D517075E0011AEFDF14EFA9C881AADBBF5FF98310F244169E855F7341E6319A018B60
Uniqueness
• Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: _wcslen
• String ID: }
• API String ID: 176396367-4239843852
• Opcode ID: e0911ca8f76912d0d991d98f2e9199904dff9ebf6f7f4050d1fa38bc55d1afd0
• Instruction ID: c530d6c98279eaf64e7733993f56a631d59545c5b6828e391610271e594ba07f
• Opcode Fuzzy Hash: e0911ca8f76912d0d991d98f2e9199904dff9ebf6f7f4050d1fa38bc55d1afd0
• Instruction Fuzzy Hash: 2E21AE3290430A5AD725EB64E849A6BBBFCFFC4710F40442AF988D3141EA60E94897F3
Uniqueness
• Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0057D392: GetCurrentProcess.KERNEL32(00020008,?), ref: 0057D3A1
  • Part of subcall function 0057D392: GetLastError.KERNEL32 ref: 0057D3CC
• CreateDirectoryW.KERNEL32(?,?), ref: 0057CF61
• LocalFree.KERNEL32(?), ref: 0057CF6F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
• String ID: X
• API String ID: 1077098981-1346631187
• Opcode ID: 6ea3ae8734f0fb7ff301c42647b0a229eed9b46d3388b617640bf62a8787838d
• Instruction ID: 3bd9a8bc86b7698a14c660df64b0959869e707ac49c936637f88c6500cab41eb
• Opcode Fuzzy Hash: 6ea3ae8734f0fb7ff301c42647b0a229eed9b46d3388b617640bf62a8787838d
• Instruction Fuzzy Hash: 2A21C7B190020DAFDB10DFA5E9899EE7BBCFB58340F50812AF815E2150D734DA19DBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 005712F6: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00571315
  • Part of subcall function 005712F6: GetProcAddress.KERNEL32(005AC1F0,CryptUnprotectMemory), ref: 00571325
• GetCurrentProcessId.KERNEL32(?,00000200,?,00571366), ref: 005713F9
Strings
• CryptUnprotectMemory failed, xrefs: 005713F1
• CryptProtectMemory failed, xrefs: 005713B0
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: AddressProc$CurrentProcess
• String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
• API String ID: 2190909847-396321323
• Opcode ID: 1ff4baa6cee90a1bf7f2dfce276ed59ca7ab9a2655eac9bb6b6334b60eb88f54
• Instruction ID: 55830367c9b4a9003a8c2d97ccc8ebf8c308cbfa4feafcfc0801d2cb547e1d71
• Opcode Fuzzy Hash: 1ff4baa6cee90a1bf7f2dfce276ed59ca7ab9a2655eac9bb6b6334b60eb88f54
• Instruction Fuzzy Hash: CD115631600A25ABDF25AB38EC0596E3F68FF51B24B04C126FC196B252DA30AD45B6D8
Uniqueness

Uniqueness Score: -1.00%

APIs
• _swprintf.LIBCMT ref: 0056D8D3
  • Part of subcall function 00564C00: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00564C13
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: __vswprintf_c_l_swprintf
• String ID: %c:\
• API String ID: 1543624204-3142399695
• Opcode ID: 74fea14c3364178fba02ac5a7ba1e3753d5fc1d374d8e8e85a9f55e1cb3bf298
• Instruction ID: 987d12373bec97cc63f13790f0bcf929fdab496545db08586754fbbf964f9aa8
• Opcode Fuzzy Hash: 74fea14c3364178fba02ac5a7ba1e3753d5fc1d374d8e8e85a9f55e1cb3bf298
• Instruction Fuzzy Hash: 0F01F563A0431279DB207B759C4AD6BAFBCFED5B60741481AF844D3192EA20D840CBB1
Uniqueness

Uniqueness Score: -1.00%

APIs
• IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0058130A
• ___raise_securityfailure.LIBCMT ref: 005813F2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: FeaturePresentProcessor___raise_securityfailure
• String ID: 8]\
• API String ID: 3761405300-3102823420
• Opcode ID: c8ba3e0b44e795bb20ce75f30db834bf6cdc0a7a9fc506a23824f787833caffc
• Instruction ID: 4d1d4b382d2ce578af7bcec292a1aaf63374d4855b8a05d07fd852b1fe8b667d
• Opcode Fuzzy Hash: c8ba3e0b44e795bb20ce75f30db834bf6cdc0a7a9fc506a23824f787833caffc
• Instruction Fuzzy Hash: 102105B5510F009FD311DF95E885A543BA8FB28310F5050AAEA09CB2A0F3B06AC9EB44
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetCurrentProcess.KERNEL32(00020008,?), ref: 0057D3A1
• GetLastError.KERNEL32 ref: 0057D3CC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: CurrentErrorLastProcess
• String ID: @X
• API String ID: 335030130-1000945245
• Opcode ID: 827114c041be420b4823157e59b1dd078ba43cfc28922602f0dd038299b8a683
• Instruction ID: 4edd17199151635332f3a756a636fed02aff032b70820f59b1b678ba80576e12
• Opcode Fuzzy Hash: 827114c041be420b4823157e59b1dd078ba43cfc28922602f0dd038299b8a683
• Instruction Fuzzy Hash: 3C010575510208BFDF115BA5EC89EEE7F79FF19350B104466FA05A1050EAB29A48AB70
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0058B9A5: GetLastError.KERNEL32(?,005A50C4,00586E12,005A50C4,?,?,0058688D,?,?,005A50C4), ref: 0058B9A9
  • Part of subcall function 0058B9A5: _free.LIBCMT ref: 0058B9DC
  • Part of subcall function 0058B9A5: SetLastError.KERNEL32(00000000,?,005A50C4), ref: 0058BA1D
  • Part of subcall function 0058B9A5: _abort.LIBCMT ref: 0058BA23
• _abort.LIBCMT ref: 0058E1D0
• _free.LIBCMT ref: 0058E204
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: ErrorLast_abort_free
• String ID: p,Z
• API String ID: 289325740-423584262
• Opcode ID: f6becc82579b236333ca3151667ff59fcdd66984775de2bd463b545234be70ad
• Instruction ID: 66593428416f84116e9ec97cda9d1053c0e120875eb90d985e76420d2c695955
• Opcode Fuzzy Hash: f6becc82579b236333ca3151667ff59fcdd66984775de2bd463b545234be70ad
• Instruction Fuzzy Hash: 92016D75D01A22DBCB21BF5CC80726DBB78BB59B20B15021AEC6677680CB706D428FC1
Uniqueness

Uniqueness Score: -1.00%

APIs
• IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00581410
• ___raise_securityfailure.LIBCMT ref: 005814CD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: FeaturePresentProcessor___raise_securityfailure
• String ID: 8]\
• API String ID: 3761405300-3102823420
• Opcode ID: 4709f4b1441fc5e000cfa92acf04607a6108cf2e9d9d276b676e4c8b56d0ab13
• Instruction ID: b7afe974cbc5aaf0a18465512f5406b04eb8f7e45807cb3a6f36c7b2b923f838
• Opcode Fuzzy Hash: 4709f4b1441fc5e000cfa92acf04607a6108cf2e9d9d276b676e4c8b56d0ab13
• Instruction Fuzzy Hash: 6111C0B5510F04DFC711DF95E885A453BB9FB28300B4060AAE9098B371F3B0ABC9AF45
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0058E580: GetEnvironmentStringsW.KERNEL32 ref: 0058E589
  • Part of subcall function 0058E580: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0058E5AC
  • Part of subcall function 0058E580: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0058E5D2
  • Part of subcall function 0058E580: _free.LIBCMT ref: 0058E5E5
  • Part of subcall function 0058E580: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0058E5F4
• _free.LIBCMT ref: 0058AB00
• _free.LIBCMT ref: 0058AB07
Strings
Memory Dump Source
• Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
Similarity
• API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
• String ID: pb\
• API String ID: 400815659-2661721528
• Opcode ID: e2aa10e887c351075cf9797ea36c07d4f681d0dfc7597506ba0e764824ab9478
• Instruction ID: 10946fba96818baa7edcccd53690a5f9d35c687249678d61592d7ff812d26f0b
• Opcode Fuzzy Hash: e2aa10e887c351075cf9797ea36c07d4f681d0dfc7597506ba0e764824ab9478
• Instruction Fuzzy Hash: 4FE0E526A0541259F769767EAC0BEAF0D69BBC2371B11061BFD20B75C2EE9088055393
Uniqueness

Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,005731E7,?,?,0057325F,?,?,?,?,?,00573249), ref: 005730D0
                                                                                                • GetLastError.KERNEL32(?,?,0057325F,?,?,?,?,?,00573249), ref: 005730DC
                                                                                                  • Part of subcall function 00567BAD: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00567BD5
                                                                                                Strings
                                                                                                • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 005730E5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                                • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                • API String ID: 1091760877-2248577382
                                                                                                • Opcode ID: 0c7268d7d006a43abfe168b08d2334a4b8c22a62f462316ab64efd967628e633
                                                                                                • Instruction ID: e48be9ffd1c214da7903a02410704cc6f617f98e4e1654fadb25342d93d2c32a
                                                                                                • Opcode Fuzzy Hash: 0c7268d7d006a43abfe168b08d2334a4b8c22a62f462316ab64efd967628e633
                                                                                                • Instruction Fuzzy Hash: 45D02E3140C83933CA0133246C0EC6E3E08BBA2331F614345F139661F0EF204D45A2D1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,0056F951,?), ref: 005701FF
                                                                                                • FindResourceW.KERNEL32(00000000,RTL,00000005,?,0056F951,?), ref: 0057020D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2021990414.0000000000561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
• Associated: 00000000.00000002.2021843297.0000000000560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022019779.0000000000596000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005A9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022039022.00000000005C6000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2022100190.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_560000_qdHMT36Tn9.jbxd
                                                                                                Similarity
                                                                                                • API ID: FindHandleModuleResource
                                                                                                • String ID: RTL
                                                                                                • API String ID: 3537982541-834975271
                                                                                                • Opcode ID: 4fc82b5b63960a6b237540e21248a1f1a1aab8e3b27f4a0b36a53f6c3ca9a11b
                                                                                                • Instruction ID: 2abde86736b90df5f09f3be42f4fe35337aef8a5db8375570317a6632b6a128a
                                                                                                • Opcode Fuzzy Hash: 4fc82b5b63960a6b237540e21248a1f1a1aab8e3b27f4a0b36a53f6c3ca9a11b
                                                                                                • Instruction Fuzzy Hash: A9C0123124075096DA3057717C4DB872E587B10711F060459B545DA1C1D6EBC84D9660
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Execution Graph

                                                                                                Execution Coverage:14%
                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                Signature Coverage:0%
                                                                                                Total number of Nodes:3
                                                                                                Total number of Limit Nodes:0
execution_graph: 7ff848f27460 -> 7ff848f2746f (SendARP) -> 7ff848f27548

Control-flow Graph (function 7ff848f27460; basic blocks and edges)

7ff848f27460-7ff848f27501 -> 7ff848f2750b-7ff848f27546 (SendARP), 7ff848f27503-7ff848f27508
7ff848f27503-7ff848f27508 -> 7ff848f2750b-7ff848f27546
7ff848f2750b-7ff848f27546 -> 7ff848f27548, 7ff848f2754e-7ff848f27577
7ff848f27548 -> 7ff848f2754e-7ff848f27577
7ff848f2754e-7ff848f27577 -> 7ff848f27579-7ff848f27581, 7ff848f27582-7ff848f2759c
7ff848f27579-7ff848f27581 -> 7ff848f27582-7ff848f2759c
7ff848f27582-7ff848f2759c -> 7ff848f2759e-7ff848f27610, 7ff848f27613-7ff848f27625
7ff848f2759e-7ff848f27610 -> 7ff848f27613-7ff848f27625
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2058621585.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_7ff848f10000_1.jbxd
                                                                                                Similarity
                                                                                                • API ID: Send
                                                                                                • String ID:
                                                                                                • API String ID: 121738739-0
                                                                                                • Opcode ID: 0532b33d1758d8ae2f0887e35b2a2fa849b1c835dec0241e850c07b03c2b70fb
                                                                                                • Instruction ID: a54f5380824346861f387c9a2b3dc239e1557fc9eeea905471224f928fab3e36
                                                                                                • Opcode Fuzzy Hash: 0532b33d1758d8ae2f0887e35b2a2fa849b1c835dec0241e850c07b03c2b70fb
                                                                                                • Instruction Fuzzy Hash: 3461E33090DA888FD71AEB7898596A9BFF0EF56320F0941EFD049CB1A3DB645849C752
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Execution Graph

                                                                                                Execution Coverage:18%
                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                Signature Coverage:9.8%
                                                                                                Total number of Nodes:174
                                                                                                Total number of Limit Nodes:8
execution_graph (API nodes, address and API, listed from the rendered graph)

dda0cf send; dda1c2 EnumWindows; dda32a SetErrorMode; dda3c7 RegQueryValueExW; dda4bb RegSetValueExW; dda67e CreateMutexW; dda77a FindCloseChangeNotification; dda969 WaitForInputIdle; ddaa0e OleInitialize; ddaabe RegOpenKeyExW; ddabb7 SetFileAttributesW; ddad33 CopyFileW; ddae0a CreateFileW; ddaf1f GetFileType; ddb23a GetUserNameW; ddb60f LookupPrivilegeValueW; ddb8c9 AdjustTokenPrivileges; ddbb43 GetExitCodeProcess; ddbbea NtSetInformationProcess; ddbc1f NtSetInformationProcess; ddbe32 K32EnumProcesses; ddbeff NtQuerySystemInformation
1120f90 KiUserExceptionDispatcher
12f0070 DuplicateHandle; 12f0af7 ReadFile; 12f0d62 WSASocketW; 12f118e ConvertStringSecurityDescriptorToSecurityDescriptorW; 12f133e MapViewOfFile; 12f15df shutdown; 12f17af GetProcessTimes; 12f18a1 getaddrinfo; 12f1a7b WSAConnect; 12f1b0c GetVolumeInformationA; 12f1bb6 GetVolumeInformationA; 12f1e2d LoadLibraryA; 12f2b1e RegCreateKeyExW; 12f2ceb ioctlsocket; 12f2dbb select; 12f3237 GetProcessWorkingSetSize; 12f331b SetProcessWorkingSetSize

Call chains through non-API nodes:
1121638 -> 1121282 -> 1121680 | 11216f1 | 112170f | 1121722 -> 1120310 (2 API calls, called twice) -> 1121846 -> 112186c | 1122130 (2 API calls)
1120310 -> 1120322 -> 1121c27 -> 1121c2d -> ddbbc8 -> ddbbea NtSetInformationProcess -> ddbc34; 1121c2d -> ddbbea -> ddbc1f NtSetInformationProcess -> ddbc34
1122130 -> 112215b -> 112274a -> 112277d -> 12f1b66 -> 12f1bb6 GetVolumeInformationA; 112277d -> 12f1ad2 -> 12f1b0c GetVolumeInformationA
11203bd -> 11203c4 -> 1121c27 (2 API calls)
                                                                                                APIs
                                                                                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 00DDB8E3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: AdjustPrivilegesToken
                                                                                                • String ID:
                                                                                                • API String ID: 2874748243-0
                                                                                                • Opcode ID: f821d9416e9db88809abf3930c792019d5ebcb67680c6c95854eaacd4f5ef5de
                                                                                                • Instruction ID: dc10f969cbc435a3642c8e2095625549e8a38b994ff565edc0413d8b2bfb5674
                                                                                                • Opcode Fuzzy Hash: f821d9416e9db88809abf3930c792019d5ebcb67680c6c95854eaacd4f5ef5de
                                                                                                • Instruction Fuzzy Hash: 7221BF765097C09FDB228F25DC40B52BFB4EF16324F09849BE9858B263D370A908DB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 00DDBF05
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: InformationQuerySystem
                                                                                                • String ID:
                                                                                                • API String ID: 3562636166-0
                                                                                                • Opcode ID: 30f080ee0d6c22f969dba8f3ce728ad7901419ede36e932e31a9fe16a939965f
                                                                                                • Instruction ID: 511a46ebe3dedc7c20b4fbe61a11ef430a1fb82e968519d584623ebeeaf89b59
                                                                                                • Opcode Fuzzy Hash: 30f080ee0d6c22f969dba8f3ce728ad7901419ede36e932e31a9fe16a939965f
                                                                                                • Instruction Fuzzy Hash: F921A1754097C09FDB238B21DC45A51FFB4EF17324F0980DBE9848B163D265A909DB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 00DDB8E3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: AdjustPrivilegesToken
                                                                                                • String ID:
                                                                                                • API String ID: 2874748243-0
                                                                                                • Opcode ID: 95f31dc85f293c0d9d358939b3e63a83e296cc54556d2e55fe8d473811d17e57
                                                                                                • Instruction ID: 44176656a235083eba00343cece2465147a30433bc15147294d7be52d5b9c344
                                                                                                • Opcode Fuzzy Hash: 95f31dc85f293c0d9d358939b3e63a83e296cc54556d2e55fe8d473811d17e57
                                                                                                • Instruction Fuzzy Hash: B2118C726002449FDB20CF15D844B66FBE8EF08324F0884ABED858B652D371E808DF61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 00DDBC25
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: InformationProcess
                                                                                                • String ID:
                                                                                                • API String ID: 1801817001-0
                                                                                                • Opcode ID: ac038eb91b53c40f6b7c1047ba9d9d40fe98f0a6b14626ae5e707a82f655d120
                                                                                                • Instruction ID: 50d9404ddda889f88904baf9fc3d7ebbf1df968449ec998a4dbabfa2a51d2285
                                                                                                • Opcode Fuzzy Hash: ac038eb91b53c40f6b7c1047ba9d9d40fe98f0a6b14626ae5e707a82f655d120
                                                                                                • Instruction Fuzzy Hash: 8211AC71408380AFCB228F15DC45A62FFB4EF16324F09C49FED844B663C275A918DB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetUserNameW.ADVAPI32(?,00000E24,?,?), ref: 00DDB23A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: NameUser
                                                                                                • String ID:
                                                                                                • API String ID: 2645101109-0
                                                                                                • Opcode ID: 2f3e365c3db325c7274f8b686034cf671e07b1f7fddce8d1599c386c7bb16854
                                                                                                • Instruction ID: 46756942e84085001f8d3c5f873c50fa698a098c52b75a665d40293e138063c9
                                                                                                • Opcode Fuzzy Hash: 2f3e365c3db325c7274f8b686034cf671e07b1f7fddce8d1599c386c7bb16854
                                                                                                • Instruction Fuzzy Hash: 6001AD71600200ABD210DF16DC86B66FBF8FB89A20F14815AEC489BB42D771F955CBE6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 00DDBF05
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: InformationQuerySystem
                                                                                                • String ID:
                                                                                                • API String ID: 3562636166-0
                                                                                                • Opcode ID: c929e6fb6e8c44ace8e18ccd8e5e2c96e9974f263c6529704b8b174ddf3c89c0
                                                                                                • Instruction ID: 9944fe8eeb377b4193f8267cb11f3d6aa8be010107e29e288202c40a3ecaeaf3
                                                                                                • Opcode Fuzzy Hash: c929e6fb6e8c44ace8e18ccd8e5e2c96e9974f263c6529704b8b174ddf3c89c0
                                                                                                • Instruction Fuzzy Hash: 09015A35500244DFDB208F15D844B65FBA0EF18724F08C49BED854B752D376E458DEB2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 00DDBC25
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: InformationProcess
                                                                                                • String ID:
                                                                                                • API String ID: 1801817001-0
                                                                                                • Opcode ID: c929e6fb6e8c44ace8e18ccd8e5e2c96e9974f263c6529704b8b174ddf3c89c0
                                                                                                • Instruction ID: 8fb27c339bf07f2f45787cbbedab7972e533e3da4a21d98113c1d8a53a2ae70a
                                                                                                • Opcode Fuzzy Hash: c929e6fb6e8c44ace8e18ccd8e5e2c96e9974f263c6529704b8b174ddf3c89c0
                                                                                                • Instruction Fuzzy Hash: 9C015675500244DFDB208F19D884B61FBA0FB18724F08C0ABEE890A762C375E858DAA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                • Rendered graph not reproduced (executed / not-executed colouring lost in extraction); basic blocks 1120f90-11210fa, calls KiUserExceptionDispatcher and internal routines at 1130606, 1122b98, 11305df, 1122f27
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 01120FB7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480361964.0000000001120000.00000040.00000800.00020000.00000000.sdmp, Offset: 01120000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1120000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 5ee1cdf782d6b8b42d860ca55044dea939e008929b8f20c0e55ea00535666ae0
                                                                                                • Instruction ID: 6dd71902d5d31d6df97cfee42a810b28e0db750e51c984c4521829ce78822d61
                                                                                                • Opcode Fuzzy Hash: 5ee1cdf782d6b8b42d860ca55044dea939e008929b8f20c0e55ea00535666ae0
                                                                                                • Instruction Fuzzy Hash: 4541E6317002118FCB08DF79D8845AEB7E6EF84204B158879D809DB39ADF39DD46CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                • Rendered graph not reproduced (executed / not-executed colouring lost in extraction); basic blocks 12f1ad2-12f1be7, calls GetVolumeInformationA
                                                                                                APIs
                                                                                                • GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 012F1BB6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: InformationVolume
                                                                                                • String ID:
                                                                                                • API String ID: 2039140958-0
                                                                                                • Opcode ID: 8fbc2294c420f1b38a8ada305f81e396e52f78173d432da444f63e574703c61d
                                                                                                • Instruction ID: 7e82e495f33f2a9c8b255f6c49afc1dd371b37f01901a50529653f82f68675c9
                                                                                                • Opcode Fuzzy Hash: 8fbc2294c420f1b38a8ada305f81e396e52f78173d432da444f63e574703c61d
                                                                                                • Instruction Fuzzy Hash: 18415A6150E3C16FD3038B358C61AA2BFB8AF47214F0E85CBD8C4CF5A3D6246959C7A2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                • Rendered graph not reproduced (executed / not-executed colouring lost in extraction); basic blocks 1120f80-11210fa, calls KiUserExceptionDispatcher and internal routines at 1130606, 1122b98, 11305df, 1122f27
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 01120FB7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480361964.0000000001120000.00000040.00000800.00020000.00000000.sdmp, Offset: 01120000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1120000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 2d8280e64c39d531f5b91f1457870af4b50e1944683d3e777ea04d674bd5a032
                                                                                                • Instruction ID: 1a3315253285fbcf10ac58b429f99dc0155423311b03be29d740d55a6f8699f7
                                                                                                • Opcode Fuzzy Hash: 2d8280e64c39d531f5b91f1457870af4b50e1944683d3e777ea04d674bd5a032
                                                                                                • Instruction Fuzzy Hash: 144186717002118FCB18DF39C8946AEB7E6EF84204B598879D809DB39ADF39DD45CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                • Rendered graph not reproduced (executed / not-executed colouring lost in extraction); basic blocks 12f2aba-12f2bc7, calls RegCreateKeyExW
                                                                                                APIs
                                                                                                • RegCreateKeyExW.KERNEL32(?,00000E24), ref: 012F2B81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: Create
                                                                                                • String ID:
                                                                                                • API String ID: 2289755597-0
                                                                                                • Opcode ID: cae2587b35329252abc2ae24d22a15061ac5f9cda62917afa0210c5e28a34ff2
                                                                                                • Instruction ID: 3502639fc6efd2223e117e68a8c1f2a6ca95899caa785c46a3602f1f8220dc33
                                                                                                • Opcode Fuzzy Hash: cae2587b35329252abc2ae24d22a15061ac5f9cda62917afa0210c5e28a34ff2
                                                                                                • Instruction Fuzzy Hash: D7315071504344AFE7228F55DC84FA6FFFCEF16210F08859AEA859B662D324E908CB61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                • Rendered graph not reproduced (executed / not-executed colouring lost in extraction); basic blocks 12f0c17-12f0d02, calls RegQueryValueExW
                                                                                                APIs
                                                                                                • RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 012F0CDE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: QueryValue
                                                                                                • String ID:
                                                                                                • API String ID: 3660427363-0
                                                                                                • Opcode ID: eb2b20af6a0a061b49811f49bd3f5f8a426d1c5ce1d15fc3b36e25d35d9cb2ed
                                                                                                • Instruction ID: 53cc65728fb209c905bff9d409f80ea4b3a39791a4ae2b0824041e05d47a1ea0
                                                                                                • Opcode Fuzzy Hash: eb2b20af6a0a061b49811f49bd3f5f8a426d1c5ce1d15fc3b36e25d35d9cb2ed
                                                                                                • Instruction Fuzzy Hash: F9317C6510E3C06FD3138B258C61A61BFB4EF47610F0E85CBE9C48F6A3D2696909D7B2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                • Rendered graph not reproduced (executed / not-executed colouring lost in extraction); basic blocks 12f31ac-12f32ac, calls GetProcessWorkingSetSize
                                                                                                APIs
                                                                                                • GetProcessWorkingSetSize.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 012F325B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: ProcessSizeWorking
                                                                                                • String ID:
                                                                                                • API String ID: 3584180929-0
                                                                                                • Opcode ID: 621e03c25190317a41e9be07e69856e167baa585908c34cd5aaa14ca14cae19c
                                                                                                • Instruction ID: 750b2a1dfde9006bd8720bd97c1f18f61313442c0da9091e3e306aad810c799a
                                                                                                • Opcode Fuzzy Hash: 621e03c25190317a41e9be07e69856e167baa585908c34cd5aaa14ca14cae19c
                                                                                                • Instruction Fuzzy Hash: 4E3169755093C05FEB138B648C55B96BFB8AF07210F0984EBE984CB1A3D664A809C772
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                • Rendered graph not reproduced (executed / not-executed colouring lost in extraction); basic blocks 12f1844-12f1961, calls getaddrinfo
                                                                                                APIs
                                                                                                • getaddrinfo.WS2_32(?,00000E24), ref: 012F190B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: getaddrinfo
                                                                                                • String ID:
                                                                                                • API String ID: 300660673-0
                                                                                                • Opcode ID: e46b45ca2f1054d746ad45cd7abcd697bf3ffc514d5d8c7537531d36172d6412
                                                                                                • Instruction ID: 5d73156e4a8baf760fc272a4af285f31fc04f7cef80d076a569827ae55f4a42a
                                                                                                • Opcode Fuzzy Hash: e46b45ca2f1054d746ad45cd7abcd697bf3ffc514d5d8c7537531d36172d6412
                                                                                                • Instruction Fuzzy Hash: 7731B1B2504344AFE721CB51CC44FA6FBECEF05314F04889AFA889B692D374A948CB71
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                • Rendered graph not reproduced (executed / not-executed colouring lost in extraction); basic blocks ddaa52-ddab4b, calls RegOpenKeyExW
                                                                                                APIs
                                                                                                • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 00DDAB05
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: Open
                                                                                                • String ID:
                                                                                                • API String ID: 71445658-0
                                                                                                • Opcode ID: d4bf2b1d65db12578fbf49f94125892c8dcfd3ed05c51114bd7490ef32a28fa0
                                                                                                • Instruction ID: 7316da92fe57e9c91c2c72ffaf53b7e6cd222b4672f260104d5163ad8e505f58
                                                                                                • Opcode Fuzzy Hash: d4bf2b1d65db12578fbf49f94125892c8dcfd3ed05c51114bd7490ef32a28fa0
                                                                                                • Instruction Fuzzy Hash: 563195714083846FE7228B55DC44FA6BFBCEF06314F09849BE9848B653D264A909CB72
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetProcessTimes.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 012F17D9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: ProcessTimes
                                                                                                • String ID:
                                                                                                • API String ID: 1995159646-0
                                                                                                • Opcode ID: 84171b18a0d95ef479edc51c5a73cc939bc9c6fc8c7150f60db4ebc03b0fe840
                                                                                                • Instruction ID: 6582cc34a4a56bb95d869102ba3167a8b5f49bb66c5af390750bb4063361dece
                                                                                                • Opcode Fuzzy Hash: 84171b18a0d95ef479edc51c5a73cc939bc9c6fc8c7150f60db4ebc03b0fe840
                                                                                                • Instruction Fuzzy Hash: 3131D7725093809FE712CF65DC45B96BFB8EF16314F0884AEE9858B193D325A909CB72
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateMutexW.KERNEL32(?,?), ref: 00DDA6B9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateMutex
                                                                                                • String ID:
                                                                                                • API String ID: 1964310414-0
                                                                                                • Opcode ID: 90d85a3471128baa4faa759f41dd8a7d9fbf1fe82491b691b371440b8ba311f5
                                                                                                • Instruction ID: 1bb8a38d809a4f944634e1bef6557484f6dc9550120828cffe0656df4b0ae867
                                                                                                • Opcode Fuzzy Hash: 90d85a3471128baa4faa759f41dd8a7d9fbf1fe82491b691b371440b8ba311f5
                                                                                                • Instruction Fuzzy Hash: 2E3181B55097806FE711CB25DC45B96BFF8EF06314F08849AE984CB292D375E909CB72
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 012F11C7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: DescriptorSecurity$ConvertString
                                                                                                • String ID:
                                                                                                • API String ID: 3907675253-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetUserNameW.ADVAPI32(?,00000E24,?,?), ref: 00DDB23A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: NameUser
                                                                                                • String ID:
                                                                                                • API String ID: 2645101109-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetExitCodeProcess.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 00DDBB64
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: CodeExitProcess
                                                                                                • String ID:
                                                                                                • API String ID: 3861947596-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 00DDAE51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateFile
                                                                                                • String ID:
                                                                                                • API String ID: 823142352-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RegCreateKeyExW.KERNEL32(?,00000E24), ref: 012F2B81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: Create
                                                                                                • String ID:
                                                                                                • API String ID: 2289755597-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RegQueryValueExW.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 00DDA40C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: QueryValue
                                                                                                • String ID:
                                                                                                • API String ID: 3660427363-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • getaddrinfo.WS2_32(?,00000E24), ref: 012F190B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: getaddrinfo
                                                                                                • String ID:
                                                                                                • API String ID: 300660673-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • EnumWindows.USER32(?,00000E24,?,?), ref: 00DDA1C2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: EnumWindows
                                                                                                • String ID:
                                                                                                • API String ID: 1129996299-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: select
                                                                                                • String ID:
                                                                                                • API String ID: 1274211008-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetFileType.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 00DDAF3D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileType
                                                                                                • String ID:
                                                                                                • API String ID: 3081899298-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RegSetValueExW.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 00DDA4F8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: Value
                                                                                                • String ID:
                                                                                                • API String ID: 3702945584-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • WSASocketW.WS2_32(?,?,?,?,?), ref: 012F0D96
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: Socket
                                                                                                • String ID:
                                                                                                • API String ID: 38366605-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileView
                                                                                                • String ID:
                                                                                                • API String ID: 3314676101-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 00DDAE51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateFile
                                                                                                • String ID:
                                                                                                • API String ID: 823142352-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RegQueryValueExW.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 012F10DC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: QueryValue
                                                                                                • String ID:
                                                                                                • API String ID: 3660427363-0
                                                                                                • Opcode ID: 62cbb85cc897ba6f24586dcc444dbd2f4366da30726a4e122bd82f51a15183c5
                                                                                                • Instruction ID: 9a39e06dbf9a1ff502640bb5d225b5d6df6d3bc4c7ceadf616c95462623aedc1
                                                                                                • Opcode Fuzzy Hash: 62cbb85cc897ba6f24586dcc444dbd2f4366da30726a4e122bd82f51a15183c5
                                                                                                • Instruction Fuzzy Hash: 02219C72504380AFE722CB15CC44F67FFF8AF45610F08849EEA859B292D324E808CB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 012F11C7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: DescriptorSecurity$ConvertString
                                                                                                • String ID:
                                                                                                • API String ID: 3907675253-0
                                                                                                • Opcode ID: 1d2e860438eb041e6a022c2ea89a214bc02f33e0dda92fff618affcf9654b349
                                                                                                • Instruction ID: 40e843ccf807e7312f0305adfc7618d704d1c78313848e4e582fdacb5170b9e7
                                                                                                • Opcode Fuzzy Hash: 1d2e860438eb041e6a022c2ea89a214bc02f33e0dda92fff618affcf9654b349
                                                                                                • Instruction Fuzzy Hash: 5E21C272600204AFE720DF65DC45BABFBECEF04214F04846AEE45DB652D374E418CB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 00DDAB05
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: Open
                                                                                                • String ID:
                                                                                                • API String ID: 71445658-0
                                                                                                • Opcode ID: 5ae14cd87f12a5b9003c1a99ac642e1572b0e85fc700cfdf7187b0f2443e52a4
                                                                                                • Instruction ID: a45956b149c40126ab5611f91f4cbc01d7fad0493fd60a0423cb89b439d96b5b
                                                                                                • Opcode Fuzzy Hash: 5ae14cd87f12a5b9003c1a99ac642e1572b0e85fc700cfdf7187b0f2443e52a4
                                                                                                • Instruction Fuzzy Hash: 8521BE72500204AEE7209F55DC44FAAFBECEF14324F08845AE9858B752D774E948CAB2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • SetProcessWorkingSetSize.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 012F333F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: ProcessSizeWorking
                                                                                                • String ID:
                                                                                                • API String ID: 3584180929-0
                                                                                                • Opcode ID: b49624ee9ddb135a41953032607547e3e9e6323d490ca2ab8c8ae5bbd01303f9
                                                                                                • Instruction ID: 4f1f8d88dac9588d6c12a0de85e8214b244f388bcf15a83501ab53c28cf6ff5f
                                                                                                • Opcode Fuzzy Hash: b49624ee9ddb135a41953032607547e3e9e6323d490ca2ab8c8ae5bbd01303f9
                                                                                                • Instruction Fuzzy Hash: 512195715093846FD712CB15DC45FA6FFA8EF45214F08C4AEE985CB252D374A908CBA6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateMutexW.KERNEL32(?,?), ref: 00DDA6B9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateMutex
                                                                                                • String ID:
                                                                                                • API String ID: 1964310414-0
                                                                                                • Opcode ID: 9f9a7b7bfe8b087400c0e43767002aa067bbbcb36464c44f0fcccf86bb7e5477
                                                                                                • Instruction ID: f44028e03432931931ca40d51340505265768c8c16214532bd5c2fd11e0eaf3c
                                                                                                • Opcode Fuzzy Hash: 9f9a7b7bfe8b087400c0e43767002aa067bbbcb36464c44f0fcccf86bb7e5477
                                                                                                • Instruction Fuzzy Hash: A3217F71604244AFE720CB29DC45BA6FBE8EF04724F08C46AE9858B741D375E809CA76
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • shutdown.WS2_32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 012F1600
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: shutdown
                                                                                                • String ID:
                                                                                                • API String ID: 2510479042-0
                                                                                                • Opcode ID: 56db2b66ea39ed28266d922f0a02d76761358d29291f446a428b942b1d2f229a
                                                                                                • Instruction ID: 7ff2bfecd6a17141066a73e25acd8be1ec5db4c2ebb011263a42282910fbc19b
                                                                                                • Opcode Fuzzy Hash: 56db2b66ea39ed28266d922f0a02d76761358d29291f446a428b942b1d2f229a
                                                                                                • Instruction Fuzzy Hash: B02195B1509384AFD712CB15DC45B56FFB8EF46214F0884DBE984DB253C368A548CB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 00DDB62E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: LookupPrivilegeValue
                                                                                                • String ID:
                                                                                                • API String ID: 3899507212-0
                                                                                                • Opcode ID: 83419f7334b3ba470b057ffd465c71edcd3e73ef0558372c144576bd5250f0c1
                                                                                                • Instruction ID: 902a729e53d430394acffc49ad4ac459326dfe4b18d0019240ba0923e807509a
                                                                                                • Opcode Fuzzy Hash: 83419f7334b3ba470b057ffd465c71edcd3e73ef0558372c144576bd5250f0c1
                                                                                                • Instruction Fuzzy Hash: 03217F715083809FD7118B25DC95B92BFE8EF16224F0984EBE885CF263D264E808CB61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ReadFile.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 012F0B21
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileRead
                                                                                                • String ID:
                                                                                                • API String ID: 2738559852-0
                                                                                                • Opcode ID: 1d30b9a028fc3872ea3b94ce0c34b6eddc2e4047e96122646a8e656cc4e6db1e
                                                                                                • Instruction ID: af2e8af183c5e16d70f8c3142d2e2ba85be1e36d3f920621f6c44f89af08152a
                                                                                                • Opcode Fuzzy Hash: 1d30b9a028fc3872ea3b94ce0c34b6eddc2e4047e96122646a8e656cc4e6db1e
                                                                                                • Instruction Fuzzy Hash: FF218071505384AFD722CF55DC44FA6FFB8EF45714F08849AE9858B152D374A408CBB6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RegQueryValueExW.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 00DDA40C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: QueryValue
                                                                                                • String ID:
                                                                                                • API String ID: 3660427363-0
                                                                                                • Opcode ID: 911aeb97d7d681ace244a95c5af0bb16c9003cd501ac606ee76e91ed20602775
                                                                                                • Instruction ID: 3102311ae9d5cedd29c3348f2a31829db5241ba2c8cd50cfec6dbc2c44c484c3
                                                                                                • Opcode Fuzzy Hash: 911aeb97d7d681ace244a95c5af0bb16c9003cd501ac606ee76e91ed20602775
                                                                                                • Instruction Fuzzy Hash: ED216D756002049EE720CF59DC84FA6B7ECEF04720F08C46AE9858B751D7A4E949CA72
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • ioctlsocket.WS2_32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 012F2D0F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: ioctlsocket
                                                                                                • String ID:
                                                                                                • API String ID: 3577187118-0
                                                                                                • Opcode ID: f26269a9aecbafeef21f8c3b7042e50fdf2dd955b38a6f2ec37ae89d2ad2c83d
                                                                                                • Instruction ID: efb5ea03f915b6b91551cf2651fb8f3b207fb464dc0bd65fa5300f79cf884b73
                                                                                                • Opcode Fuzzy Hash: f26269a9aecbafeef21f8c3b7042e50fdf2dd955b38a6f2ec37ae89d2ad2c83d
                                                                                                • Instruction Fuzzy Hash: 3621A4715093846FD722CF15DC44F96FFB8EF46314F0884AAE9859B152C374A508CB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • SetFileAttributesW.KERNEL32(?,?,03534817,00000000,?,?,?,?,?,?,?,?,6C2D3C58), ref: 00DDABCB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: AttributesFile
                                                                                                • String ID:
                                                                                                • API String ID: 3188754299-0
                                                                                                • Opcode ID: 191bc6384fe7924fd95e73062f340c1436360018b2d1b55b5a0977552956779b
                                                                                                • Instruction ID: 710bf4a363bca8c6d464089048e08de23051671c4c6c47e01ae902a5c1135ecf
                                                                                                • Opcode Fuzzy Hash: 191bc6384fe7924fd95e73062f340c1436360018b2d1b55b5a0977552956779b
                                                                                                • Instruction Fuzzy Hash: 742192755093C45FDB11CB25D885B92BFA4EF07324F0D84EFE8858B267D264A849CB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • FindCloseChangeNotification.KERNEL32(?,03534817,00000000,?,?,?,?,?,?,?,?,6C2D3C58), ref: 00DDB99C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                • String ID:
                                                                                                • API String ID: 2591292051-0
                                                                                                • Opcode ID: 89c15573e43f357a2dfd17df5674e75f5fcaa7f2107e0b6fb556f40202eb37b4
                                                                                                • Instruction ID: 8c23456db64caaba701459b9bdbd48e5468dfe816485266bb4ae86f9d67e65e3
                                                                                                • Opcode Fuzzy Hash: 89c15573e43f357a2dfd17df5674e75f5fcaa7f2107e0b6fb556f40202eb37b4
                                                                                                • Instruction Fuzzy Hash: AF21D1725093C05FDB128B25DC54692BFB4AF03324F0D84DBED858F663D264A908CB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • FindCloseChangeNotification.KERNEL32(?,03534817,00000000,?,?,?,?,?,?,?,?,6C2D3C58), ref: 00DDA780
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                • String ID:
                                                                                                • API String ID: 2591292051-0
                                                                                                • Opcode ID: 6aa55e72fbcf6fe4483e33a0dfd492024e412de5beeafa967937b5a109763098
                                                                                                • Instruction ID: 00c819c13adc19532378f7ba74f8101801f072aaa64f71fe0daca89403e5c8f3
                                                                                                • Opcode Fuzzy Hash: 6aa55e72fbcf6fe4483e33a0dfd492024e412de5beeafa967937b5a109763098
                                                                                                • Instruction Fuzzy Hash: A321D2B55043809FD711CF15ED85B52BFB8EF02324F0984ABEC458B293D375A905DBA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • WSASocketW.WS2_32(?,?,?,?,?), ref: 012F0D96
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: Socket
                                                                                                • String ID:
                                                                                                • API String ID: 38366605-0
                                                                                                • Opcode ID: 4234216fa0c266af14ac58c1351363da538a3a91a9f51261b9a1d6d19c74f6b9
                                                                                                • Instruction ID: 5a04eab22f0c924f13a7caff75b79d2778a268908f4527580964b950e49855da
                                                                                                • Opcode Fuzzy Hash: 4234216fa0c266af14ac58c1351363da538a3a91a9f51261b9a1d6d19c74f6b9
                                                                                                • Instruction Fuzzy Hash: AD21D171504204AFEB21CF55DC45BAAFBE5EF05324F0488AEEE858B692C375F408CB66
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_12f0000_3.jbxd
Similarity
• API ID: FileView
• String ID:
• API String ID: 3314676101-0

APIs
• WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 012F1A92
Memory Dump Source
• Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_12f0000_3.jbxd
Similarity
• API ID: Connect
• String ID:
• API String ID: 3144859779-0

APIs
• LoadLibraryA.KERNEL32(?,00000E24), ref: 012F1E5B
Memory Dump Source
• Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_12f0000_3.jbxd
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0

APIs
• RegSetValueExW.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 00DDA4F8
Memory Dump Source
• Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_dda000_3.jbxd
Similarity
• API ID: Value
• String ID:
• API String ID: 3702945584-0

APIs
• RegQueryValueExW.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 012F10DC
Memory Dump Source
• Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_12f0000_3.jbxd
Similarity
• API ID: QueryValue
• String ID:
• API String ID: 3660427363-0

APIs
• CopyFileW.KERNEL32(?,?,?,03534817,00000000,?,?,?,?,?,?,?,?,6C2D3C58), ref: 00DDAD52
Memory Dump Source
• Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_dda000_3.jbxd
Similarity
• API ID: CopyFile
• String ID:
• API String ID: 1304948518-0

APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 012F0076
Memory Dump Source
• Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_12f0000_3.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0

APIs
• GetProcessTimes.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 012F17D9
Memory Dump Source
• Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_12f0000_3.jbxd
Similarity
• API ID: ProcessTimes
• String ID:
• API String ID: 1995159646-0

APIs
• GetProcessWorkingSetSize.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 012F325B
Memory Dump Source
• Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_12f0000_3.jbxd
Similarity
• API ID: ProcessSizeWorking
• String ID:
• API String ID: 3584180929-0

APIs
• SetProcessWorkingSetSize.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 012F333F
Memory Dump Source
• Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_12f0000_3.jbxd
Similarity
• API ID: ProcessSizeWorking
• String ID:
• API String ID: 3584180929-0

APIs
• GetExitCodeProcess.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 00DDBB64
Memory Dump Source
• Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_dda000_3.jbxd
Similarity
• API ID: CodeExitProcess
• String ID:
• API String ID: 3861947596-0

APIs
• K32EnumProcesses.KERNEL32(?,?,?,03534817,00000000,?,?,?,?,?,?,?,?,6C2D3C58), ref: 00DDBE46
Memory Dump Source
• Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_dda000_3.jbxd
Similarity
• API ID: EnumProcesses
• String ID:
• API String ID: 84517404-0

APIs
• ReadFile.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 012F0B21
Memory Dump Source
• Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_12f0000_3.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0

APIs
• ioctlsocket.WS2_32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 012F2D0F
Memory Dump Source
• Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_12f0000_3.jbxd
Similarity
• API ID: ioctlsocket
• String ID:
• API String ID: 3577187118-0

APIs
Memory Dump Source
• Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_dda000_3.jbxd
Similarity
• API ID: Initialize
• String ID:
• API String ID: 2538663250-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • shutdown.WS2_32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 012F1600
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: shutdown
                                                                                                • String ID:
                                                                                                • API String ID: 2510479042-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(?,03534817,00000000,?,?,?,?,?,?,?,?,6C2D3C58), ref: 00DDA330
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorMode
                                                                                                • String ID:
                                                                                                • API String ID: 2340568224-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(?,00000E24), ref: 012F1E5B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                • String ID:
                                                                                                • API String ID: 1029625771-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: select
                                                                                                • String ID:
                                                                                                • API String ID: 1274211008-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: send
                                                                                                • String ID:
                                                                                                • API String ID: 2809346765-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 00DDB62E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: LookupPrivilegeValue
                                                                                                • String ID:
                                                                                                • API String ID: 3899507212-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CopyFileW.KERNEL32(?,?,?,03534817,00000000,?,?,?,?,?,?,?,?,6C2D3C58), ref: 00DDAD52
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: CopyFile
                                                                                                • String ID:
                                                                                                • API String ID: 1304948518-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetFileType.KERNEL32(?,00000E24,03534817,00000000,00000000,00000000,00000000), ref: 00DDAF3D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileType
                                                                                                • String ID:
                                                                                                • API String ID: 3081899298-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • WaitForInputIdle.USER32(?,?), ref: 00DDA96F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: IdleInputWait
                                                                                                • String ID:
                                                                                                • API String ID: 2200289081-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • K32EnumProcesses.KERNEL32(?,?,?,03534817,00000000,?,?,?,?,?,?,?,?,6C2D3C58), ref: 00DDBE46
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: EnumProcesses
                                                                                                • String ID:
                                                                                                • API String ID: 84517404-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 012F1A92
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: Connect
                                                                                                • String ID:
                                                                                                • API String ID: 3144859779-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • SetFileAttributesW.KERNEL32(?,?,03534817,00000000,?,?,?,?,?,?,?,?,6C2D3C58), ref: 00DDABCB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: AttributesFile
                                                                                                • String ID:
                                                                                                • API String ID: 3188754299-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • EnumWindows.USER32(?,00000E24,?,?), ref: 00DDA1C2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: EnumWindows
                                                                                                • String ID:
                                                                                                • API String ID: 1129996299-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 012F1BB6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: InformationVolume
                                                                                                • String ID:
                                                                                                • API String ID: 2039140958-0
                                                                                                • Opcode ID: 8319c6bdf10c3462d9102dd769fc4d55628b2a517b8ec8c31129c9867441c827
                                                                                                • Instruction ID: 58d1b1d5c22554badae9d4671283dce8c3104de46ce3a4a42c1fd8395babb0ea
                                                                                                • Opcode Fuzzy Hash: 8319c6bdf10c3462d9102dd769fc4d55628b2a517b8ec8c31129c9867441c827
                                                                                                • Instruction Fuzzy Hash: 2D019E71600200ABD210DF16DC46B66FBE8EB89A20F14811AEC489B742D731B915CBE2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 012F0076
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: DuplicateHandle
                                                                                                • String ID:
                                                                                                • API String ID: 3793708945-0
                                                                                                • Opcode ID: df039f2281fa5b59ab7c8a47a7218a21ce6f099e32edf64d6f493df00af328c1
                                                                                                • Instruction ID: 0de02cb2d6111a7db8d29aa5895c79b6418caab70a9eab0240eade819c66ab69
                                                                                                • Opcode Fuzzy Hash: df039f2281fa5b59ab7c8a47a7218a21ce6f099e32edf64d6f493df00af328c1
                                                                                                • Instruction Fuzzy Hash: CE01AD325102049FDB21CF55D844B66FBE1EF08720F08C8AEEE894B652C376E418DF62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • FindCloseChangeNotification.KERNEL32(?,03534817,00000000,?,?,?,?,?,?,?,?,6C2D3C58), ref: 00DDA780
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                • String ID:
                                                                                                • API String ID: 2591292051-0
                                                                                                • Opcode ID: 31ec4af9b88b2a42c048feb67b5ce7f86b80aa8886e3d3c5094c289eb1dd8ee9
                                                                                                • Instruction ID: 82c69ca77a4bd7f96551f9b2f425c94182501d9022db655babe519c91dcbd209
                                                                                                • Opcode Fuzzy Hash: 31ec4af9b88b2a42c048feb67b5ce7f86b80aa8886e3d3c5094c289eb1dd8ee9
                                                                                                • Instruction Fuzzy Hash: 7501DF75A042449FDB10CF2AE885766FBE4EF00720F08C4ABDC498B752D374E848CAA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • FindCloseChangeNotification.KERNEL32(?,03534817,00000000,?,?,?,?,?,?,?,?,6C2D3C58), ref: 00DDB99C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                • String ID:
                                                                                                • API String ID: 2591292051-0
                                                                                                • Opcode ID: 72d9b126e5d885c5952487e2dee755edf82169fbbcec3bb11608da01653e435e
                                                                                                • Instruction ID: c36d8d560b0fad03f8d0b1485bd27c2f0a6d5b40288e213e0d17b8d9a15a3b91
                                                                                                • Opcode Fuzzy Hash: 72d9b126e5d885c5952487e2dee755edf82169fbbcec3bb11608da01653e435e
                                                                                                • Instruction Fuzzy Hash: FD019E756042848FDB10CF16D885756BBA4EB14734F08C0ABDD498B752C374E848CE72
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 012F0CDE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480435887.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_12f0000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: QueryValue
                                                                                                • String ID:
                                                                                                • API String ID: 3660427363-0
                                                                                                • Opcode ID: bdfe55831ddd0981f258c6238b1888ee6d60045e1b57eb4935d474403e16bdaf
                                                                                                • Instruction ID: 2551020688b15f1233197b2c9ecbc992d92796a507a9f654cbadc0132d30db46
                                                                                                • Opcode Fuzzy Hash: bdfe55831ddd0981f258c6238b1888ee6d60045e1b57eb4935d474403e16bdaf
                                                                                                • Instruction Fuzzy Hash: 9501A271600200ABD210DF16DC46B66FBF8FB89A20F14C11AEC489BB42D771F955CBE6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: send
                                                                                                • String ID:
                                                                                                • API String ID: 2809346765-0
                                                                                                • Opcode ID: f7336227c9be84777444a3f18e80c4fbfebeb9f3d48b3d593cedd422c257fb99
                                                                                                • Instruction ID: 28ca852480cda7f22607ee352b94420a33a93268d5cbbec0197bc5a430fced76
                                                                                                • Opcode Fuzzy Hash: f7336227c9be84777444a3f18e80c4fbfebeb9f3d48b3d593cedd422c257fb99
                                                                                                • Instruction Fuzzy Hash: 860188715042449FDB20CF59D884B66FBA0EF18724F08C4AAED898B652D375E448DBB2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • WaitForInputIdle.USER32(?,?), ref: 00DDA96F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: IdleInputWait
                                                                                                • String ID:
                                                                                                • API String ID: 2200289081-0
                                                                                                • Opcode ID: f2417d11deb6e85cca7f7d6e50644b856d14aa8f20373aed117faeedcd376295
                                                                                                • Instruction ID: 971873cbabcd55e87e511a3be8695fe19d665ad3c8a9e200b57d795bc4e066fe
                                                                                                • Opcode Fuzzy Hash: f2417d11deb6e85cca7f7d6e50644b856d14aa8f20373aed117faeedcd376295
                                                                                                • Instruction Fuzzy Hash: B9017C719042449FDB20CF19D884B65FBA4EF04724F08C4ABDD498B756D375E444CEA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: Initialize
                                                                                                • String ID:
                                                                                                • API String ID: 2538663250-0
                                                                                                • Opcode ID: 673dfba4d60bf749f165303a1e08c8aa588082e3203b293ff520c2d3bef23ddc
                                                                                                • Instruction ID: bf167409c39570e8086808c49802acb5e992a8f8e2cdba023f3ba03d4f8748d7
                                                                                                • Opcode Fuzzy Hash: 673dfba4d60bf749f165303a1e08c8aa588082e3203b293ff520c2d3bef23ddc
                                                                                                • Instruction Fuzzy Hash: C1018B719042849FDB20CF19D984765FBA4EF04724F08C4ABED498B752D3B9E848CAA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(?,03534817,00000000,?,?,?,?,?,?,?,?,6C2D3C58), ref: 00DDA330
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479894969.0000000000DDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_dda000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorMode
                                                                                                • String ID:
                                                                                                • API String ID: 2340568224-0
                                                                                                • Opcode ID: 27c4d9b53519e1b6ede370c8d79b7c5c662eac6a8b44180ed81cc0174a1ce895
                                                                                                • Instruction ID: 807afc022fcb4823664017abaca7903fa6e6a37c2b1b4fbf26f505621890cb96
                                                                                                • Opcode Fuzzy Hash: 27c4d9b53519e1b6ede370c8d79b7c5c662eac6a8b44180ed81cc0174a1ce895
                                                                                                • Instruction Fuzzy Hash: 31F08C759042449FDB208F0AD885765FBA0EF14724F08C4AADD494B752D2B9E848DAA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480392186.0000000001130000.00000040.00000020.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1130000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f4d16bab3a835901d9d6e3768ef1580f5bc34cbb5f9cd1ccb5dd983e69bed92e
                                                                                                • Instruction ID: 19b8d1a2eaf4d0eb57f387a15f4387022084de4feedf4797d49baa3a25d6d8ca
                                                                                                • Opcode Fuzzy Hash: f4d16bab3a835901d9d6e3768ef1580f5bc34cbb5f9cd1ccb5dd983e69bed92e
                                                                                                • Instruction Fuzzy Hash: 7921A5715093C09FD722CB25DC84B62BFF8EB46624F09849BD9458B653C3399808C762
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4484956529.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_5800000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a77ccd32e5edab91e35edcf929743aa7ad38a133f607d1b46e4aecac99624eb6
                                                                                                • Instruction ID: c3da7ef81c8356f81d80a42b3f23df02a61a98d35fd09593ce6c4759de2435ce
                                                                                                • Opcode Fuzzy Hash: a77ccd32e5edab91e35edcf929743aa7ad38a133f607d1b46e4aecac99624eb6
                                                                                                • Instruction Fuzzy Hash: 7711CCB5908341AFD340CF19D841A5BFBE4FB98664F04896EF998D7311D331E9148FA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480392186.0000000001130000.00000040.00000020.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1130000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ff877d33815f6ab6f4edd4b1e9797d587eed2e16cb0ef7b66c62dcd925fdb12d
                                                                                                • Instruction ID: 342e5b58c1ad6baa8cb9be13711dbc36d9fb0a6e1b1b3963bc36629d227ce5c2
                                                                                                • Opcode Fuzzy Hash: ff877d33815f6ab6f4edd4b1e9797d587eed2e16cb0ef7b66c62dcd925fdb12d
                                                                                                • Instruction Fuzzy Hash: 9F11C0302082809FE719CB14D940B25BBE5ABCD618F24C59CE94D0BA87D73AD842C741
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480392186.0000000001130000.00000040.00000020.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1130000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ec46341cd91f5ed5230f6d8395edb717b94c7f1e93bc1c88011aba5032af83d9
                                                                                                • Instruction ID: a849f121c2055e5ad4344bdfa9fcfd971813cc0a28e67edd00c3b97d06da6be6
                                                                                                • Opcode Fuzzy Hash: ec46341cd91f5ed5230f6d8395edb717b94c7f1e93bc1c88011aba5032af83d9
                                                                                                • Instruction Fuzzy Hash: 121186715097C49FD722CB15DC84F62FFB8EB46614F0888AAED454B653C379A808CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4479987771.0000000000EFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EFA000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_efa000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c0791bcf9d19b37c8b8a8cea4020b07b892fa1160103ebea515f3cf73013bb7e
                                                                                                • Instruction ID: 02f67c0344c4fff674818908cc3a1ce7d7694ca069658893fefacd039ab53825
                                                                                                • Opcode Fuzzy Hash: c0791bcf9d19b37c8b8a8cea4020b07b892fa1160103ebea515f3cf73013bb7e
                                                                                                • Instruction Fuzzy Hash: B411ECB5508305AFD350CF09D841A5BFBE8EB98660F04891EF95997711D271E9188BA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.4480392186.0000000001130000.00000040.00000020.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1130000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
Execution Graph

Execution Coverage: 10.7%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 12
Total number of Limit Nodes: 0
Paths recovered from the rendered execution graph (node addresses as exported): cda612 -> cda646 (CreateMutexW) -> cda6c1; cda646 -> cda67e CreateMutexW -> cda6c1; cda361 -> cda392 RegQueryValueExW -> cda41b; cda462 -> cda486 RegSetValueExW -> cda507

                                                                                                Callgraph

Control-flow Graph (function at 4e8035f, basic blocks 4e8035f through 4e80880; executed/not-executed colouring of the rendered graph is not recoverable from this export)

Strings
Memory Dump Source
• Source File: 00000007.00000002.2255963054.0000000004E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4e80000_3.jbxd
Similarity
• API ID:
• String ID: [^k^$-[^k^$=[^k^

Control-flow Graph (function at 4e80368, basic blocks 4e80368 through 4e80880; executed/not-executed colouring of the rendered graph is not recoverable from this export)

Strings
Memory Dump Source
• Source File: 00000007.00000002.2255963054.0000000004E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4e80000_3.jbxd
Similarity
• API ID:
• String ID: [^k^$-[^k^$=[^k^

Control-flow Graph (function at 4e803bd, basic blocks 4e803bd through 4e80880; executed/not-executed colouring of the rendered graph is not recoverable from this export)

Strings
Memory Dump Source
• Source File: 00000007.00000002.2255963054.0000000004E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4e80000_3.jbxd
Similarity
• API ID:
• String ID: [^k^$-[^k^$=[^k^

Control-flow Graph (function at cda612, basic blocks cda612 through cda70e, calling CreateMutexW; executed/not-executed colouring of the rendered graph is not recoverable from this export)

APIs
• CreateMutexW.KERNELBASE(?,?), ref: 00CDA6B9
Memory Dump Source
• Source File: 00000007.00000002.2255278937.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_cda000_3.jbxd
Similarity
• API ID: CreateMutex
• String ID:

Control-flow Graph (function at cda361, basic blocks cda361 through cda447, calling RegQueryValueExW; executed/not-executed colouring of the rendered graph is not recoverable from this export)

APIs
• RegQueryValueExW.KERNELBASE(?,00000E24,27AEFF21,00000000,00000000,00000000,00000000), ref: 00CDA40C
Memory Dump Source
• Source File: 00000007.00000002.2255278937.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_cda000_3.jbxd
Similarity
• API ID: QueryValue
• String ID:
                                                                                                • API String ID: 3660427363-0
                                                                                                • Opcode ID: 4529f36e5e5bd47173f5a7fddabe671912d4ca549ba8779277ff3b70b1be52eb
                                                                                                • Instruction ID: 5059ce5227863b6d0a73925e61a1105e239db832b240acdab66d942da412c428
                                                                                                • Opcode Fuzzy Hash: 4529f36e5e5bd47173f5a7fddabe671912d4ca549ba8779277ff3b70b1be52eb
                                                                                                • Instruction Fuzzy Hash: AC316175505784AFE722CF15CC84F92BBF8EF06710F08859AE985CB292D364E949CB72
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph rendered as an image in the original report; basic blocks cda462-cda533, with a call to RegSetValueExW]
APIs
• RegSetValueExW.KERNELBASE(?,00000E24,27AEFF21,00000000,00000000,00000000,00000000), ref: 00CDA4F8
Memory Dump Source
• Source File: 00000007.00000002.2255278937.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_cda000_3.jbxd
Similarity
• API ID: Value
• API String ID: 3702945584-0
• Opcode ID: 16c3a7580bb97c29b5b4e549fde94863ae451c544ddeefd8c73026bda038dab5
• Instruction ID: 2ed59b0334dada9274ebb69f12133f94d02a9ee285578e2872e2030b080207ea
• Instruction Fuzzy Hash: 36218E765047806FDB228F11DC44FA7BFB8EF46220F08849AE985CB652D264E948CB72
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph rendered as an image in the original report; basic blocks cda646-cda70e, with a call to CreateMutexW]
APIs
• CreateMutexW.KERNELBASE(?,?), ref: 00CDA6B9
Memory Dump Source
• Source File: 00000007.00000002.2255278937.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_cda000_3.jbxd
Similarity
• API ID: CreateMutex
• API String ID: 1964310414-0
• Opcode ID: 863197603207aaf50b2499d8544ce6c03281417fb3a5d3479f719dedcba3df65
• Instruction ID: 8594bc8d574efc59d700a049deab3fefcc975051d4235d4487c70e76e8bf69f5
• Instruction Fuzzy Hash: F22180716042449FE720CF26DC85BA6FBE8EF04724F08846AEE458B741D375E909CB76
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph rendered as an image in the original report; basic blocks cda392-cda447, with a call to RegQueryValueExW]
APIs
• RegQueryValueExW.KERNELBASE(?,00000E24,27AEFF21,00000000,00000000,00000000,00000000), ref: 00CDA40C
Memory Dump Source
• Source File: 00000007.00000002.2255278937.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_cda000_3.jbxd
Similarity
• API ID: QueryValue
• API String ID: 3660427363-0
• Opcode ID: f4d48fb4c7ddd79ddd71fabe5e0ba8115e83d7aad1cab7ce72044c23d7b1074f
• Instruction ID: a0bd9d1741f1401a192da6fcd70be721d32a72fc179698e6557b2da7862ce4f1
• Instruction Fuzzy Hash: A4218E766002049FEB20CF15CC84FA6B7ECEF04720F04846AEA458B751D7A4E949CA72
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph rendered as an image in the original report; basic blocks cda486-cda533, with a call to RegSetValueExW]
APIs
• RegSetValueExW.KERNELBASE(?,00000E24,27AEFF21,00000000,00000000,00000000,00000000), ref: 00CDA4F8
Memory Dump Source
• Source File: 00000007.00000002.2255278937.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_cda000_3.jbxd
Similarity
• API ID: Value
• API String ID: 3702945584-0
• Opcode ID: f0480426ba277f72cfafcfb55dbe4048b0459279b413ca1d543fc96c3268724e
• Instruction ID: 400f5aa8730d58fb2fd66b2c6a9626efff0620c36bc55d1bb7adc509fc5d6501
• Instruction Fuzzy Hash: C311B176500604AFEB218F15DC44FA7BBECEF04724F04845AEE458B741D374E948CAB2
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph rendered as an image in the original report; basic blocks 4e80090-4e802f9, no API calls]
Memory Dump Source
• Source File: 00000007.00000002.2255963054.0000000004E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4e80000_3.jbxd
Similarity
• Opcode ID: 166f438ac6f6fbb4fc55d8bb84cfb601f08ddbc2af2e8b0fada852110a7d1d64
• Instruction ID: 365786156c6bcfc25d674a0120e8fc51eb28340b8b6d20b14c45b3488ac22c04
• Instruction Fuzzy Hash: 75510D722112868FC704FF34E48998AB7A2FB9530C7518E2DD4458B36EFB346D1ACB91
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph rendered as an image in the original report; single basic block 4e80006-4e80076, no API calls]
Memory Dump Source
• Source File: 00000007.00000002.2255963054.0000000004E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4e80000_3.jbxd
Similarity
• Opcode ID: 9103b63e6fe2c37c07c00b2dfc202050f59e45910643f20807b5fd0e9caa3b3a
• Instruction ID: 488e5b91dcfc23f2b2eb14e4a6967e5724c289b438c84240fa2295cd5d1afb65
• Instruction Fuzzy Hash: 49011E8684E3C25FD70322741CAA2943F709D6306578F02D7C496CA5E3E81C595F8BA2
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph rendered as an image in the original report; basic blocks f905e7-f90643, no API calls]
Memory Dump Source
• Source File: 00000007.00000002.2255634134.0000000000F90000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_f90000_3.jbxd
Similarity
• Opcode ID: eb1167db210bc98cdee887503929ec2185c3eb97532643d9062adc5f2c61019f
• Instruction ID: b7b0f3c88ffa489b434cf9d60f1f3b425a2c2c5223804afe3df82dc64bb4b0f7
• Instruction Fuzzy Hash: 73F0A4B65093846FD7118B06AC40862FFBCEB86630709C4AFEC498B612D225B908CB72
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph rendered as an image in the original report; basic blocks f90606-f90643, no API calls]
Memory Dump Source
• Source File: 00000007.00000002.2255634134.0000000000F90000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_f90000_3.jbxd
Similarity
• Opcode ID: 5a427cfae3df47817e418f0901d5ac518464019f3f1379637fe0f7fcac6536c3
• Instruction ID: 7cf2c91c81de7c40319620e4b7606b4b1bc50f86347224a85a0c627a79977470
• Instruction Fuzzy Hash: 7EE092B66046044BD650CF0AEC81452F7D8EB88630B08C47FDC0D8B701D636B509CAA5
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph rendered as an image in the original report; basic blocks cd23f4-cd2421, no API calls]
Memory Dump Source
• Source File: 00000007.00000002.2255261021.0000000000CD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD2000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_cd2000_3.jbxd
Similarity
• Opcode ID: 9a30d55328179c2e28dd1c3b8062b0c2ebde62069ccac438ca4f4f03d70fafe0
• Instruction ID: 8d53962de8b3c1f8ef32cb9811098ae41f9f3224123396b2d38308b35352ce57
• Instruction Fuzzy Hash: A2D05E7A2056C14FD3179E1CC1A4B9537D4BB61714F4A44FBAC408B763C768DA81E601
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph rendered as an image in the original report; basic blocks cd23bc-cd23e8, no API calls]
Memory Dump Source
• Source File: 00000007.00000002.2255261021.0000000000CD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD2000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_cd2000_3.jbxd
Similarity
• Opcode ID: 6d8d9f12387adb49dfa38219707b660c2784e2c3ff941ab6c6b6081102e041b6
• Instruction ID: 1f307d429437681475c25e1b2aff55e14a0025dff5f98dfb400950999978fc45
• Instruction Fuzzy Hash: FFD05E353402814BC715DE0CC2D4F5937D8AB90B15F0644E9AC208B772C7A8DAC0CA00
Uniqueness
• Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 19.2%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 19
Total number of Limit Nodes: 1
[Execution graph rendered as an image in the original report; the executed paths pass through calls to FindCloseChangeNotification, CreateMutexW, RegQueryValueExW and RegSetValueExW from functions at 14ca361, 14ca462, 14ca612, 14ca646, 14ca710 and 14ca74e]

Callgraph

[Call graph rendered as an image in the original report; 71 function nodes (Function_014CA74E through Function_014C2430) in the 0147xxxx, 014C2xxx, 014CAxxx and 0536xxxx memory regions]

Control-flow Graph
Control-flow graph of function 14ca612 (basic blocks 14ca612-14ca70e; calls CreateMutexW)
APIs
• CreateMutexW.KERNELBASE(?,?), ref: 014CA6B9
Memory Dump Source
• Source File: 00000008.00000002.2349500848.00000000014CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_14ca000_3.jbxd
Similarity
• API ID: CreateMutex
• String ID:
• API String ID: 1964310414-0
• Opcode ID: 238d642319aed9161e4d128bab2598f6e7a28dcbcc72c50b6b018a593101aef1
• Instruction ID: 50ab13e672d8dd00c1ed15a8f0a1c17600867884f81595aec212e802da73fbe2
• Opcode Fuzzy Hash: 238d642319aed9161e4d128bab2598f6e7a28dcbcc72c50b6b018a593101aef1
• Instruction Fuzzy Hash: E731A1B55093845FE712CB65CC45B96BFF8EF06614F08849AE984CB292D375E809CB62
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
Control-flow graph of function 14ca361 (basic blocks 14ca361-14ca447; calls RegQueryValueExW)
APIs
• RegQueryValueExW.KERNELBASE(?,00000E24,79006B60,00000000,00000000,00000000,00000000), ref: 014CA40C
Memory Dump Source
• Source File: 00000008.00000002.2349500848.00000000014CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_14ca000_3.jbxd
Similarity
• API ID: QueryValue
• String ID:
• API String ID: 3660427363-0
• Opcode ID: 4d85ff0661342604eb6ec11ef518c6aaee69f7d9ee0b83d7559605f2f08a9000
• Instruction ID: 461ae719e410f0a1359c5ffa767356abc5048e123b387cbebeb484c5bf09dce6
• Opcode Fuzzy Hash: 4d85ff0661342604eb6ec11ef518c6aaee69f7d9ee0b83d7559605f2f08a9000
• Instruction Fuzzy Hash: FE318E75505784AFE722CF15CC84F93BBF8EF06610F08849AE985CB2A2D364E949CB65
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
Control-flow graph of function 14ca462 (basic blocks 14ca462-14ca533; calls RegSetValueExW)
APIs
• RegSetValueExW.KERNELBASE(?,00000E24,79006B60,00000000,00000000,00000000,00000000), ref: 014CA4F8
Memory Dump Source
• Source File: 00000008.00000002.2349500848.00000000014CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_14ca000_3.jbxd
Similarity
• API ID: Value
• String ID:
• API String ID: 3702945584-0
• Opcode ID: 10efc5eb91a64bcbb60f63cbb409b6eb4411bb7ffcc23ddef70da007d378e3ec
• Instruction ID: 9cd876beda72f8664da8717679f5583886342cbbad3dd5dcc7f40652d5e5918d
• Opcode Fuzzy Hash: 10efc5eb91a64bcbb60f63cbb409b6eb4411bb7ffcc23ddef70da007d378e3ec
• Instruction Fuzzy Hash: 4E21B0B65043846FE7228F15CC44FA3BFF8EF06614F08859AE985CB662D364E848CB75
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
Control-flow graph of function 14ca646 (basic blocks 14ca646-14ca70e; calls CreateMutexW)
APIs
• CreateMutexW.KERNELBASE(?,?), ref: 014CA6B9
Memory Dump Source
• Source File: 00000008.00000002.2349500848.00000000014CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_14ca000_3.jbxd
Similarity
• API ID: CreateMutex
• String ID:
• API String ID: 1964310414-0
• Opcode ID: a45db7c4fee429f9452fc80480478869fbc8f4eacbfac59026ba2d4758c55481
• Instruction ID: efc36acc4e16f55a36138e39b247b178f2490ce105e28fea389dd97078f884bd
• Opcode Fuzzy Hash: a45db7c4fee429f9452fc80480478869fbc8f4eacbfac59026ba2d4758c55481
• Instruction Fuzzy Hash: BB21F2756002089FE720CF69CC45BA6FBE8EF04624F14846EED898B751E374E809CB72
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
Control-flow graph of function 14ca710 (basic blocks 14ca710-14ca7c5; calls FindCloseChangeNotification)
APIs
• FindCloseChangeNotification.KERNELBASE(?), ref: 014CA780
Memory Dump Source
• Source File: 00000008.00000002.2349500848.00000000014CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_14ca000_3.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: 2883ec1ea91e9e9e20ff8abe636f04045cbc1e2a40e25a49410564e41b6c7c97
• Instruction ID: fe134b89bf5528c2eecb7b5516c27c508be472053edad26375f00a0b14c2c631
• Opcode Fuzzy Hash: 2883ec1ea91e9e9e20ff8abe636f04045cbc1e2a40e25a49410564e41b6c7c97
• Instruction Fuzzy Hash: 4121F6B55093849FD7128F15DC85752BFB4EF02324F0984DBDC458F2A3D235A905DB61
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
Control-flow graph of function 14ca392 (basic blocks 14ca392-14ca447; calls RegQueryValueExW)
APIs
• RegQueryValueExW.KERNELBASE(?,00000E24,79006B60,00000000,00000000,00000000,00000000), ref: 014CA40C
Memory Dump Source
• Source File: 00000008.00000002.2349500848.00000000014CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_14ca000_3.jbxd
Similarity
• API ID: QueryValue
• String ID:
• API String ID: 3660427363-0
• Opcode ID: 43744d4c155416713a36a81fde72b2f3c96679fab18f3b9995f6df859d55ca54
• Instruction ID: ff580b7f302f2a01806abccefc0581e9a17624d501130651d1e80f73d61d990d
• Opcode Fuzzy Hash: 43744d4c155416713a36a81fde72b2f3c96679fab18f3b9995f6df859d55ca54
• Instruction Fuzzy Hash: 5D218E796006089FE761CF15CC84FA7F7ECEF04A24F14846AE9458B761E374E849CA75
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
Control-flow graph of function 14ca486 (basic blocks 14ca486-14ca533; calls RegSetValueExW)
APIs
• RegSetValueExW.KERNELBASE(?,00000E24,79006B60,00000000,00000000,00000000,00000000), ref: 014CA4F8
Memory Dump Source
• Source File: 00000008.00000002.2349500848.00000000014CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_14ca000_3.jbxd
Similarity
• API ID: Value
• String ID:
• API String ID: 3702945584-0
• Opcode ID: 40aa438808cdf169bfa2ce6f985b4034e2b1aaf5dbfdcac5e11554c4795b3ecf
• Instruction ID: b8266b7d61fb60e23c439839199dc16ec0f41fce3037adf7e84bb5e64b3aca9e
• Opcode Fuzzy Hash: 40aa438808cdf169bfa2ce6f985b4034e2b1aaf5dbfdcac5e11554c4795b3ecf
• Instruction Fuzzy Hash: AC11E17A600608AFE7218E05CC44FA7FBECEF04A24F14C55AED458B751E374E448CAB6
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
Control-flow graph of function 14ca74e (basic blocks 14ca74e-14ca7c5; calls FindCloseChangeNotification)
APIs
• FindCloseChangeNotification.KERNELBASE(?), ref: 014CA780
Memory Dump Source
• Source File: 00000008.00000002.2349500848.00000000014CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CA000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_14ca000_3.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: 8927683818f5439dca62333c210153e151a567d205bdedcb7d77305e88f1f55e
• Instruction ID: 161e99fa7a27b2a457eef8f88fdcdc96cc39e8942f42cab489b0c40d88b14449
• Opcode Fuzzy Hash: 8927683818f5439dca62333c210153e151a567d205bdedcb7d77305e88f1f55e
• Instruction Fuzzy Hash: 1D01D4796052088FDB50CF29D984756FBE4EF00624F18C4AFDC468F752D375E448CAA1
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
Control-flow graph of function 5360310 (basic blocks 5360310-5360880; no API calls recorded)
Memory Dump Source
• Source File: 00000008.00000002.2349890971.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_5360000_3.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 07c0af7bb731fb9b9107ccda631399f6ec7ef4db6a237f639f17284284323ac8
• Instruction ID: 98cf760ca2f09d336ab3465490e3e9de9512d5a0ed174e24006d6839807a1c55
• Opcode Fuzzy Hash: 07c0af7bb731fb9b9107ccda631399f6ec7ef4db6a237f639f17284284323ac8
• Instruction Fuzzy Hash: FF513570B003018FCB19EB3A94656BD77EBAB85248715856EE402DB3E4DF78CC458BA2
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
Control-flow graph of function 53603bd (basic blocks 53603bd-5360880; no API calls recorded)
Memory Dump Source
• Source File: 00000008.00000002.2349890971.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_5360000_3.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dacfdceccc2c27316dd71ba847e32b15543868c109ebef2409025e2b6f3ba0f5
• Instruction ID: a37c87a4a45504df36ed4c24efe29414bf28b7e8018c039077ac7a94a99d68b5
• Opcode Fuzzy Hash: dacfdceccc2c27316dd71ba847e32b15543868c109ebef2409025e2b6f3ba0f5
• Instruction Fuzzy Hash: 7C412570B002118F8B59EB7A80656BD72D7AFD6548745842EE402DB3E4DFBCCC0A87A2
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
Control-flow graph of function 5360080 (basic blocks 5360080-53602f9; no API calls recorded)
Memory Dump Source
• Source File: 00000008.00000002.2349890971.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_5360000_3.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 35aaec1ef438e9e83628483c18603fa74e45e939fe12c2cde2e9967ab9be8e21
• Instruction ID: 17859355895a8654b2d57e1bd95670b41a214d5040e6ed8261611d97cd1b9a20
• Opcode Fuzzy Hash: 35aaec1ef438e9e83628483c18603fa74e45e939fe12c2cde2e9967ab9be8e21
• Instruction Fuzzy Hash: A55141B1602346DFCB05DF36E4445CAB7A6FF9120C755886AD4444B369DB386D8DCF82
Uniqueness
Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.2349890971.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_5360000_3.jbxd
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.2349436577.0000000001470000.00000040.00000020.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_1470000_3.jbxd
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.2349436577.0000000001470000.00000040.00000020.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_1470000_3.jbxd
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.2349487438.00000000014C2000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C2000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_14c2000_3.jbxd
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.2349487438.00000000014C2000.00000040.00000800.00020000.00000000.sdmp, Offset: 014C2000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_14c2000_3.jbxd
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Callgraph

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • CreateMutexW.KERNELBASE(?,?), ref: 0155A6B9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2430805615.000000000155A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0155A000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_155a000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateMutex
                                                                                                • API String ID: 1964310414-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • RegQueryValueExW.KERNELBASE(?,00000E24,D4BDB729,00000000,00000000,00000000,00000000), ref: 0155A40C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2430805615.000000000155A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0155A000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_155a000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: QueryValue
                                                                                                • API String ID: 3660427363-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • RegSetValueExW.KERNELBASE(?,00000E24,D4BDB729,00000000,00000000,00000000,00000000), ref: 0155A4F8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2430805615.000000000155A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0155A000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_155a000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: Value
                                                                                                • API String ID: 3702945584-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • CreateMutexW.KERNELBASE(?,?), ref: 0155A6B9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2430805615.000000000155A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0155A000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_155a000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateMutex
                                                                                                • API String ID: 1964310414-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • FindCloseChangeNotification.KERNELBASE(?), ref: 0155A780
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2430805615.000000000155A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0155A000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_155a000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                • API String ID: 2591292051-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • RegQueryValueExW.KERNELBASE(?,00000E24,D4BDB729,00000000,00000000,00000000,00000000), ref: 0155A40C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2430805615.000000000155A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0155A000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_155a000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: QueryValue
                                                                                                • API String ID: 3660427363-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • RegSetValueExW.KERNELBASE(?,00000E24,D4BDB729,00000000,00000000,00000000,00000000), ref: 0155A4F8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2430805615.000000000155A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0155A000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_155a000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: Value
                                                                                                • String ID:
                                                                                                • API String ID: 3702945584-0
                                                                                                • Opcode ID: 49d7e7be9258611f3431e4d4dfa842891b5ec9516064d63e7df09dca891b31ed
                                                                                                • Instruction ID: ce441dbf9d842086f1db514ed563535684f7a5f967e4af692ada14ec05849c36
                                                                                                • Opcode Fuzzy Hash: 49d7e7be9258611f3431e4d4dfa842891b5ec9516064d63e7df09dca891b31ed
                                                                                                • Instruction Fuzzy Hash: B0119376500604AFEB218F55DC45FABFBECEF04624F04855AED458B751D374E448CAB2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 102 155a74e-155a778 103 155a7b9-155a7be 102->103 104 155a77a-155a782 FindCloseChangeNotification 102->104 103->104 106 155a788-155a79a 104->106 107 155a7c0-155a7c5 106->107 108 155a79c-155a7b8 106->108 107->108
                                                                                                APIs
                                                                                                • FindCloseChangeNotification.KERNELBASE(?), ref: 0155A780
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2430805615.000000000155A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0155A000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_155a000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                • String ID:
                                                                                                • API String ID: 2591292051-0
                                                                                                • Opcode ID: 3616f74b25d1ab4a7c70ff032e556464a2c0b9d66a939f05bedcf34fb8139bb6
                                                                                                • Instruction ID: 00dc646d664dabfebb30558df52ae8cede7a7f285acba2273782f5cb6450f55d
                                                                                                • Opcode Fuzzy Hash: 3616f74b25d1ab4a7c70ff032e556464a2c0b9d66a939f05bedcf34fb8139bb6
                                                                                                • Instruction Fuzzy Hash: DE018F756042448FEB51CF29E985766FBE4EF04224F08C4ABDD4A8F752D375E448CEA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 110 5540310-5540334 112 5540336-5540338 110->112 113 554033e-5540346 110->113 112->113 114 554034e-5540391 113->114 115 5540348-554034d 113->115 118 5540393-55403ce 114->118 119 55403d8-5540418 114->119 118->119 126 554041f-5540434 119->126 127 554041a 119->127 129 5540436-5540460 126->129 130 554046b-5540523 126->130 127->126 129->130 149 5540525-5540569 130->149 150 5540570-5540587 130->150 149->150 151 5540880 150->151 152 554058d-55405bf 150->152 152->151
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2431321046.0000000005540000.00000040.00000800.00020000.00000000.sdmp, Offset: 05540000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_5540000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 54dfe3ae25592c7229c65b09f44eb6bfddb95381308d26085277e0ce5bbb2986
                                                                                                • Instruction ID: 60a7b0b63525ebf6c21fb813cc93a9389bd491a13746e2b4a9dc1507ffaf4f72
                                                                                                • Opcode Fuzzy Hash: 54dfe3ae25592c7229c65b09f44eb6bfddb95381308d26085277e0ce5bbb2986
                                                                                                • Instruction Fuzzy Hash: 7351E5307002018FDB58EB39986467E77E7BB89248F144569E406DF3E4DF39DC069BA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 163 55403bd-5540418 171 554041f-5540434 163->171 172 554041a 163->172 174 5540436-5540460 171->174 175 554046b-5540523 171->175 172->171 174->175 194 5540525-5540569 175->194 195 5540570-5540587 175->195 194->195 196 5540880 195->196 197 554058d-55405bf 195->197 197->196
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2431321046.0000000005540000.00000040.00000800.00020000.00000000.sdmp, Offset: 05540000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_5540000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b61ba5337de1bf4ced5ba5134a401c5e0282b31d2c42aca791dddb205834729d
                                                                                                • Instruction ID: c1965cb38f637f6eb5a069e2b861801b0731d631c26653c3283cd6a0c288fb4b
                                                                                                • Opcode Fuzzy Hash: b61ba5337de1bf4ced5ba5134a401c5e0282b31d2c42aca791dddb205834729d
                                                                                                • Instruction Fuzzy Hash: 2941C7307002168BDB58AB79886427D76D7BFC5248F154929E806DF3E4DF3DCD0697A2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 208 5540080-55400ad 211 55400b8-55402f9 208->211
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2431321046.0000000005540000.00000040.00000800.00020000.00000000.sdmp, Offset: 05540000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_5540000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 35de26c48b546a7d896308fc44be4a606abab4d37375071fac42635e0b2a9662
                                                                                                • Instruction ID: c0d519fc7d2c512d2bbebbacf6a5973f1e1c5642b7ea6d023c49e47fbfe9d245
                                                                                                • Opcode Fuzzy Hash: 35de26c48b546a7d896308fc44be4a606abab4d37375071fac42635e0b2a9662
                                                                                                • Instruction Fuzzy Hash: 785175702052468FCB04DF34E9548AAB7A6FF9830EF51A969E4448B369DF386D4DCB81
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 249 5540006-554006d 251 5540070 call 5540310 249->251 252 5540070 call 5540301 249->252 253 5540070 call 16805e0 249->253 254 5540070 call 55403bd 249->254 255 5540070 call 1680606 249->255 250 5540076 251->250 252->250 253->250 254->250 255->250
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2431321046.0000000005540000.00000040.00000800.00020000.00000000.sdmp, Offset: 05540000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_5540000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f73f9c5092cb8bf912d2c0f1fa46c015263bb96c5dc89a810a30d2ac712d8727
                                                                                                • Instruction ID: e1fb641d4f6ef8595acdcd796f2cd0142f8a6c44e7d2e9b76a75335a9920ed5b
                                                                                                • Opcode Fuzzy Hash: f73f9c5092cb8bf912d2c0f1fa46c015263bb96c5dc89a810a30d2ac712d8727
                                                                                                • Instruction Fuzzy Hash: 5701A7A544E3C11FCB438BB06CA99927FB0AE13124B0F41D7D8C0CA4E3E28C9A59D763
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 256 16805e0-1680620 258 1680626-1680643 256->258
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2430923915.0000000001680000.00000040.00000020.00020000.00000000.sdmp, Offset: 01680000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_1680000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1b84bce878085381af0fb7f945b0b26db0759c171f15fb056ca2b3c9df508f85
                                                                                                • Instruction ID: 8c971bc8f110c38014b2cdbb12e89555103a1b8f96b6f1c9cc110c164a1d5639
                                                                                                • Opcode Fuzzy Hash: 1b84bce878085381af0fb7f945b0b26db0759c171f15fb056ca2b3c9df508f85
                                                                                                • Instruction Fuzzy Hash: 3601D6B550D7946FC712CF16EC40862FFB8DF86620709C4DFEC498B652D225A809CBB2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 259 1680606-1680620 260 1680626-1680643 259->260
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2430923915.0000000001680000.00000040.00000020.00020000.00000000.sdmp, Offset: 01680000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_1680000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0e32115a71ab069ac41c4b60fa7b01e8afac0a072e2108c2d4cdeb2902d8718d
                                                                                                • Instruction ID: 703429a7c5f2127099cf40128f83dc982990c27f0dafcba62a704e082b0d581d
                                                                                                • Opcode Fuzzy Hash: 0e32115a71ab069ac41c4b60fa7b01e8afac0a072e2108c2d4cdeb2902d8718d
                                                                                                • Instruction Fuzzy Hash: E3E092B66046044B9750CF0AEC81462F7E8EB88630708C07FDC0D8B701E635B509CEA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 261 15523f4-15523ff 262 1552401-155240e 261->262 263 1552412-1552417 261->263 262->263 264 1552419 263->264 265 155241a 263->265 266 1552420-1552421 265->266
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2430790614.0000000001552000.00000040.00000800.00020000.00000000.sdmp, Offset: 01552000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_1552000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9fdd98d94c1960a4f337a0210e91e879663492761a781ccd7ba16db1f0d9d51e
                                                                                                • Instruction ID: a90c2c9ccc10e691812df6496460d79fdcafedbe1812f95d5ec0de7605bf8b1a
                                                                                                • Opcode Fuzzy Hash: 9fdd98d94c1960a4f337a0210e91e879663492761a781ccd7ba16db1f0d9d51e
                                                                                                • Instruction Fuzzy Hash: 8AD05E7A2057C1CFE3169E1CC1A4B993FE4BB51714F4A44FAAC408F763C768D581D601
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000009.00000002.2430790614.0000000001552000.00000040.00000800.00020000.00000000.sdmp, Offset: 01552000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_9_2_1552000_3.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e55cc5d5ce8074855f90445ac12f23dd589837b9a586e986f9085a64c9388449
                                                                                                • Instruction ID: 1fc06170c375e14da96bce3d5e92d548956aa06771050ca009fc2635cddb6d89
                                                                                                • Opcode Fuzzy Hash: e55cc5d5ce8074855f90445ac12f23dd589837b9a586e986f9085a64c9388449
                                                                                                • Instruction Fuzzy Hash: E4D05E353402818BD715DE0CC2E4F5D3BD4BB40B15F0644E9AC108F762C7A8D9C0CB00
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%